################################################################
# abuse.ch URLhaus IDS ruleset (Snort / Suricata) #
# Last updated: 2026-03-14 19:13:27 (UTC) #
# #
# Terms Of Use: https://urlhaus.abuse.ch/api/ #
# For questions please contact urlhaus [at] abuse.ch #
################################################################
#
# url
#
# Reading and deploying these rules (comments only; the rules are unchanged):
#
# Rule anatomy. Every rule alerts on an established, client-to-server HTTP GET
# from $HOME_NET to $EXTERNAL_NET whose request URI and Host header both equal
# one URLhaus entry. depth:N equals the length of the content it follows, and
# isdataat:!1,relative requires that no byte comes after that content, so each
# pair is an exact match on the buffer rather than a substring match. nocase is
# written after isdataat but still modifies the http_uri content before it.
# The http_host content carries no nocase; Suricata is understood to match
# that buffer in lowercase - confirm for the engine and version you deploy on.
#
# Coverage. These are `alert http` rules and inspect cleartext HTTP only. Most
# entries in this part of the feed name github.com or raw.githubusercontent.com
# as Host; a download fetched over HTTPS is not visible to these rules unless
# the sensor sits behind TLS inspection. Use the same URLs as search terms in
# proxy, EDR and DNS telemetry as well. Because the match is exact, a different
# spelling of the URL (for example with a query string) is a separate indicator
# that these rules do not cover.
#
# Triage. An alert identifies one path on one host. On shared platforms
# (github.com, raw.githubusercontent.com) the host is not the indicator; scope
# any block to the path or repository. The number in msg and in reference:url
# is the URLhaus entry id; in the rules shown here sid = URLhaus id + 80863100
# (observed from the values, not documented in this file). Check that this sid
# range does not collide with other rule sources loaded on the same sensor.
#
# Clusters visible here. 62.60.226.97 appears as Host in 14 consecutive rules
# with different file names and 209.54.102.132 in 4; the path
# /verification.google recurs across several *.froidespace.in.net and
# *.mondolavoro.in.net subdomains. Each GitHub-hosted file is listed twice,
# once per host form. Hunting on the host or path as well as the full URL is
# worth considering for the first three groups.
#
# Freshness. Every rule carries created_at 2026_03_14 and rev:1, and the header
# gives the feed's last update time. Treat the file as a point-in-time
# snapshot and reload it on a schedule.
#
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.3.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796175/; classtype:trojan-activity;sid:84659275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796174)"; flow:established,from_client; content:"GET"; http_method; content:"/nenwhdghvrt253.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"209.54.102.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796174/; classtype:trojan-activity;sid:84659274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796170)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ghost-node-x.froidespace.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796170/; classtype:trojan-activity;sid:84659270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796171)"; flow:established,from_client; content:"GET"; http_method; content:"/skriveb.sea"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"209.54.102.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796171/; classtype:trojan-activity;sid:84659271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796172)"; flow:established,from_client; content:"GET"; http_method; content:"/fadvwmaaoaquwwoet184.bin"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"209.54.102.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796172/; classtype:trojan-activity;sid:84659272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796173)"; flow:established,from_client; content:"GET"; http_method; content:"/dejection179.msi"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"209.54.102.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796173/; classtype:trojan-activity;sid:84659273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796169)"; flow:established,from_client; content:"GET"; http_method; content:"/encry090pt.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.almacensantangel.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796169/; classtype:trojan-activity;sid:84659269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796167)"; flow:established,from_client; content:"GET"; http_method; content:"/runemdown/ai-agent-security-hardening/refs/heads/main/scripts/ai_agent_hardening_security_asaddle.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796167/; classtype:trojan-activity;sid:84659267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796168)"; flow:established,from_client; content:"GET"; http_method; content:"/runemdown/ai-agent-security-hardening/raw/refs/heads/main/scripts/ai_agent_hardening_security_asaddle.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796168/; classtype:trojan-activity;sid:84659268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796165)"; flow:established,from_client; content:"GET"; http_method; content:"/yisak2468/pocketmcp/refs/heads/master/mcp-bridge/mcp-pocket-v1.9-beta.2.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796165/; classtype:trojan-activity;sid:84659265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796166)"; flow:established,from_client; content:"GET"; http_method; content:"/yisak2468/pocketmcp/raw/refs/heads/master/mcp-bridge/mcp-pocket-v1.9-beta.2.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796166/; classtype:trojan-activity;sid:84659266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796163)"; flow:established,from_client; content:"GET"; http_method; content:"/banban001/noid-privacy-linux/refs/heads/main/docs/privacy-linux-noid-sublaciniate.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796163/; classtype:trojan-activity;sid:84659263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796164)"; flow:established,from_client; content:"GET"; http_method; content:"/banban001/noid-privacy-linux/raw/refs/heads/main/docs/privacy-linux-noid-sublaciniate.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796164/; classtype:trojan-activity;sid:84659264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796162)"; flow:established,from_client; content:"GET"; http_method; content:"/ennmcrypt.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.almacensantangel.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796162/; classtype:trojan-activity;sid:84659262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796160)"; flow:established,from_client; content:"GET"; http_method; content:"/19960307moon/mcpshim/refs/heads/main/internal/server/software_v1.8-alpha.3.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796160/; classtype:trojan-activity;sid:84659260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796161)"; flow:established,from_client; content:"GET"; http_method; content:"/19960307moon/mcpshim/raw/refs/heads/main/internal/server/software_v1.8-alpha.3.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796161/; classtype:trojan-activity;sid:84659261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796159)"; flow:established,from_client; content:"GET"; http_method; content:"/usushiooos/wrapper-bot/refs/heads/main/media/wrapper_bot_2.1.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796159/; classtype:trojan-activity;sid:84659259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796158)"; flow:established,from_client; content:"GET"; http_method; content:"/usushiooos/wrapper-bot/raw/refs/heads/main/media/wrapper_bot_2.1.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796158/; classtype:trojan-activity;sid:84659258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796156)"; flow:established,from_client; content:"GET"; http_method; content:"/ranvijay001/rosforge/raw/refs/heads/main/src/rosforge/engine/gemini/forge_ros_v2.7.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796156/; classtype:trojan-activity;sid:84659256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796157)"; flow:established,from_client; content:"GET"; http_method; content:"/ranvijay001/rosforge/refs/heads/main/src/rosforge/engine/gemini/forge_ros_v2.7.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796157/; classtype:trojan-activity;sid:84659257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.56.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796155/; classtype:trojan-activity;sid:84659255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796154)"; flow:established,from_client; content:"GET"; http_method; content:"/santiago152/open-aimbot/refs/heads/main/overfaint/aimbot-open-v2.4-beta.2.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796154/; classtype:trojan-activity;sid:84659254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796153)"; flow:established,from_client; content:"GET"; http_method; content:"/santiago152/open-aimbot/raw/refs/heads/main/overfaint/aimbot-open-v2.4-beta.2.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796153/; classtype:trojan-activity;sid:84659253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796152)"; flow:established,from_client; content:"GET"; http_method; content:"/tjoshi3637/aimgh05t/raw/refs/heads/main/uncinate/aimg_t_3.1.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796152/; classtype:trojan-activity;sid:84659252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796150)"; flow:established,from_client; content:"GET"; http_method; content:"/tjoshi3637/aimgh05t/refs/heads/main/uncinate/aimg_t_3.1.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796150/; classtype:trojan-activity;sid:84659250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796151)"; flow:established,from_client; content:"GET"; http_method; content:"/dariocalderonse010/jailbreak-auto-farming-suite/raw/refs/heads/main/balkan/suite-farming-jailbreak-auto-1.2.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796151/; classtype:trojan-activity;sid:84659251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796149/; classtype:trojan-activity;sid:84659249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796148)"; flow:established,from_client; content:"GET"; http_method; content:"/dariocalderonse010/jailbreak-auto-farming-suite/refs/heads/main/balkan/suite-farming-jailbreak-auto-1.2.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796148/; classtype:trojan-activity;sid:84659248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796147)"; flow:established,from_client; content:"GET"; http_method; content:"/nguyenson54x/basher/raw/refs/heads/main/bisymmetry/software_v3.3-alpha.2.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796147/; classtype:trojan-activity;sid:84659247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796146)"; flow:established,from_client; content:"GET"; http_method; content:"/nguyenson54x/basher/refs/heads/main/bisymmetry/software_v3.3-alpha.2.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796146/; classtype:trojan-activity;sid:84659246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796145)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"user-auth-11.froidespace.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796145/; classtype:trojan-activity;sid:84659245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796144)"; flow:established,from_client; content:"GET"; http_method; content:"/binbadose/jailbreak/raw/refs/heads/main/clamper/software_octodentate.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796144/; classtype:trojan-activity;sid:84659244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796143)"; flow:established,from_client; content:"GET"; http_method; content:"/binbadose/jailbreak/refs/heads/main/clamper/software_octodentate.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796143/; classtype:trojan-activity;sid:84659243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796142)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"core-shell-v4.froidespace.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796142/; classtype:trojan-activity;sid:84659242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796138)"; flow:established,from_client; content:"GET"; http_method; content:"/valentinocala/treat-exaone/raw/refs/heads/main/static/images/trea_exaone_v1.4.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796138/; classtype:trojan-activity;sid:84659238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796139)"; flow:established,from_client; content:"GET"; http_method; content:"/valentinocala/treat-exaone/refs/heads/main/static/images/trea_exaone_v1.4.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796139/; classtype:trojan-activity;sid:84659239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796140)"; flow:established,from_client; content:"GET"; http_method; content:"/vrishank-cmd/whatsapp-bot/refs/heads/main/hintedly/bot-whatsapp-v3.5.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796140/; classtype:trojan-activity;sid:84659240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796141)"; flow:established,from_client; content:"GET"; http_method; content:"/vrishank-cmd/whatsapp-bot/raw/refs/heads/main/hintedly/bot-whatsapp-v3.5.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796141/; classtype:trojan-activity;sid:84659241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796137)"; flow:established,from_client; content:"GET"; http_method; content:"/chengame/vscode-control/raw/refs/heads/main/assets/control_vscode_v2.9.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796137/; classtype:trojan-activity;sid:84659237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796136)"; flow:established,from_client; content:"GET"; http_method; content:"/chengame/vscode-control/refs/heads/main/assets/control_vscode_v2.9.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796136/; classtype:trojan-activity;sid:84659236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796135)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"alpha-trace-9.froidespace.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796135/; classtype:trojan-activity;sid:84659235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796133)"; flow:established,from_client; content:"GET"; http_method; content:"/emgakc9x/ufiaw/refs/heads/main/burglariously/software_v1.3.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796133/; classtype:trojan-activity;sid:84659233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796134)"; flow:established,from_client; content:"GET"; http_method; content:"/emgakc9x/ufiaw/raw/refs/heads/main/burglariously/software_v1.3.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796134/; classtype:trojan-activity;sid:84659234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796132)"; flow:established,from_client; content:"GET"; http_method; content:"/maverickrow/ai-cmd-x/refs/heads/main/preidea/x-ai-cm-3.8.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796132/; classtype:trojan-activity;sid:84659232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796131)"; flow:established,from_client; content:"GET"; http_method; content:"/maverickrow/ai-cmd-x/raw/refs/heads/main/preidea/x-ai-cm-3.8.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796131/; classtype:trojan-activity;sid:84659231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.226.129.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796130/; classtype:trojan-activity;sid:84659230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796128)"; flow:established,from_client; content:"GET"; http_method; content:"/isaacmx77/sonicvale/refs/heads/main/oribatidae/vale_sonic_1.9.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796128/; classtype:trojan-activity;sid:84659228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796129)"; flow:established,from_client; content:"GET"; http_method; content:"/isaacmx77/sonicvale/raw/refs/heads/main/oribatidae/vale_sonic_1.9.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796129/; classtype:trojan-activity;sid:84659229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796127)"; flow:established,from_client; content:"GET"; http_method; content:"/pavan286878/exit-zero/raw/refs/heads/main/src/lib/exit_zero_1.7-beta.3.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796127/; classtype:trojan-activity;sid:84659227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796126)"; flow:established,from_client; content:"GET"; http_method; content:"/pavan286878/exit-zero/refs/heads/main/src/lib/exit_zero_1.7-beta.3.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796126/; classtype:trojan-activity;sid:84659226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796125)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.165.45.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796125/; classtype:trojan-activity;sid:84659225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796122)"; flow:established,from_client; content:"GET"; http_method; content:"/karas.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.60.226.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796122/; classtype:trojan-activity;sid:84659222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796123)"; flow:established,from_client; content:"GET"; http_method; content:"/saloreap.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"62.60.226.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796123/; classtype:trojan-activity;sid:84659223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796124)"; flow:established,from_client; content:"GET"; http_method; content:"/voshod.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"62.60.226.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796124/; classtype:trojan-activity;sid:84659224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796120)"; flow:established,from_client; content:"GET"; http_method; content:"/kasp.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"62.60.226.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796120/; classtype:trojan-activity;sid:84659220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796121)"; flow:established,from_client; content:"GET"; http_method; content:"/sr.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.60.226.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796121/; classtype:trojan-activity;sid:84659221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796114)"; flow:established,from_client; content:"GET"; http_method; content:"/iosa.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"62.60.226.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796114/; classtype:trojan-activity;sid:84659214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796115)"; flow:established,from_client; content:"GET"; http_method; content:"/fimom.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.60.226.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796115/; classtype:trojan-activity;sid:84659215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796116)"; flow:established,from_client; content:"GET"; http_method; content:"/aeswg.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.60.226.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796116/; classtype:trojan-activity;sid:84659216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796117)"; flow:established,from_client; content:"GET"; http_method; content:"/seshea.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"62.60.226.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796117/; classtype:trojan-activity;sid:84659217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796118)"; flow:established,from_client; content:"GET"; http_method; content:"/ssl.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"62.60.226.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796118/; classtype:trojan-activity;sid:84659218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796119)"; flow:established,from_client; content:"GET"; http_method; content:"/kl.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.60.226.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796119/; classtype:trojan-activity;sid:84659219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796111)"; flow:established,from_client; content:"GET"; http_method; content:"/xenos.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.60.226.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796111/; classtype:trojan-activity;sid:84659211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796112)"; flow:established,from_client; content:"GET"; http_method; content:"/xenosa.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"62.60.226.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796112/; classtype:trojan-activity;sid:84659212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796113)"; flow:established,from_client; content:"GET"; http_method; content:"/onetwo.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"62.60.226.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796113/; classtype:trojan-activity;sid:84659213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796110)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"data-base-00.mondolavoro.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796110/; classtype:trojan-activity;sid:84659210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.220.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796109/; classtype:trojan-activity;sid:84659209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796108)"; flow:established,from_client; content:"GET"; http_method; content:"/cuvanimta/ecoscroll/refs/heads/main/assets/software-1.6.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796108/; classtype:trojan-activity;sid:84659208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796107)"; flow:established,from_client; content:"GET"; http_method; content:"/cuvanimta/ecoscroll/raw/refs/heads/main/assets/software-1.6.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796107/; classtype:trojan-activity;sid:84659207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796106)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"base-infra-77.mondolavoro.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796106/; classtype:trojan-activity;sid:84659206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796103)"; flow:established,from_client; content:"GET"; http_method; content:"/paphellas/stewie_it_v1/raw/refs/heads/master/image_assests/stewie_v_it_3.6-beta.4.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796103/; classtype:trojan-activity;sid:84659203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796104)"; flow:established,from_client; content:"GET"; http_method; content:"/abandicootcalledsmashes/airflow-logs-cleanup/raw/refs/heads/main/tartufish/airflow-cleanup-logs-rucervine.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796104/; classtype:trojan-activity;sid:84659204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796105)"; flow:established,from_client; content:"GET"; http_method; content:"/abandicootcalledsmashes/airflow-logs-cleanup/refs/heads/main/tartufish/airflow-cleanup-logs-rucervine.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796105/; classtype:trojan-activity;sid:84659205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796102)"; flow:established,from_client; content:"GET"; http_method; content:"/paphellas/stewie_it_v1/refs/heads/master/image_assests/stewie_v_it_3.6-beta.4.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796102/; classtype:trojan-activity;sid:84659202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796101)"; flow:established,from_client; content:"GET"; http_method; content:"/sill262007/github-issue-automation-script/refs/heads/master/assets/script-issue-automation-hub-git-v1.4.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796101/; classtype:trojan-activity;sid:84659201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796100)"; flow:established,from_client; content:"GET"; http_method; content:"/sill262007/github-issue-automation-script/raw/refs/heads/master/assets/script-issue-automation-hub-git-v1.4.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796100/; classtype:trojan-activity;sid:84659200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796099)"; flow:established,from_client; content:"GET"; http_method; content:"/degon3399/xtts_v2/refs/heads/main/tts/encoder/xtt_v3.6.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796099/; classtype:trojan-activity;sid:84659199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796098)"; flow:established,from_client; content:"GET"; http_method; content:"/degon3399/xtts_v2/raw/refs/heads/main/tts/encoder/xtt_v3.6.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796098/; classtype:trojan-activity;sid:84659198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796096)"; 
flow:established,from_client; content:"GET"; http_method; content:"/lahbibchraiki/unitycopilot/raw/refs/heads/main/docs/unity_copilot_v2.0.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796096/; classtype:trojan-activity;sid:84659196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796097)"; flow:established,from_client; content:"GET"; http_method; content:"/lahbibchraiki/unitycopilot/refs/heads/main/docs/unity_copilot_v2.0.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796097/; classtype:trojan-activity;sid:84659197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796095)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"global-net-x.mondolavoro.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796095/; classtype:trojan-activity;sid:84659195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796093)"; flow:established,from_client; content:"GET"; http_method; content:"/ne9arr/complete_deep-learning-nvidia_gpu-setup-linux/refs/heads/main/fingerless/gpu-deep-nvidia-linux-learning-complete-setup-2.8.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796093/; classtype:trojan-activity;sid:84659193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3796094)"; flow:established,from_client; content:"GET"; http_method; content:"/ne9arr/complete_deep-learning-nvidia_gpu-setup-linux/raw/refs/heads/main/fingerless/gpu-deep-nvidia-linux-learning-complete-setup-2.8.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796094/; classtype:trojan-activity;sid:84659194; rev:1;)
# NOTE(review): github.com and raw.githubusercontent.com content is normally fetched over HTTPS.
# The rule above and the one below are `alert http` rules matching the request URI and Host, so
# they presumably fire only where TLS is decrypted ahead of the sensor or where the client first
# asked over plain HTTP. Confirm against the deployment before counting on them for coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796092)"; flow:established,from_client; content:"GET"; http_method; content:"/samuelhaxk/41369/refs/heads/main/256/233.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796092/; classtype:trojan-activity;sid:84659192; rev:1;)
# NOTE(review): the path below is matched as literal percent-encoded text in http_uri. The %d0%b0
# %d1%80 %d1%80 %d0%b5 %d0%b3 bytes are UTF-8 for Cyrillic letters that appear to be lookalikes
# of Latin ones. If the HTTP parser percent-decodes the normalized URI, the literal "%xx" text
# may not be present in http_uri and this rule may not match. Verify on the sensor, and check
# whether http_raw_uri is the buffer that actually carries this form.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796091)"; flow:established,from_client; content:"GET"; http_method; content:"/bootst%d0%b0%d1%80%d1%80%d0%b5%d0%b3ui.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"rizvexeno.ws"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796091/; classtype:trojan-activity;sid:84659191; rev:1;)
# The short path "/bin.sh" is only specific because the Host is pinned to one address in the same rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.226.129.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796089/; classtype:trojan-activity;sid:84659189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796088)"; flow:established,from_client; 
content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"staff-portal-0.starkewelle.in.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796088/; classtype:trojan-activity;sid:84659188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796087)"; flow:established,from_client; content:"GET"; http_method; content:"/samuelhaxk/41369/raw/refs/heads/main/256/233.txt"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796087/; classtype:trojan-activity;sid:84659187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.198.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796086/; classtype:trojan-activity;sid:84659186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796085)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"power-link-v8.starkewelle.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796085/; classtype:trojan-activity;sid:84659185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796081)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"internal-sys.petitreseau.in.net"; http_host; depth:31; 
isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796081/; classtype:trojan-activity;sid:84659181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796082)"; flow:established,from_client; content:"GET"; http_method; content:"/xonigashi/ai-coding-kit/raw/refs/heads/master/protocols/coding-kit-ai-v3.9.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796082/; classtype:trojan-activity;sid:84659182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796080)"; flow:established,from_client; content:"GET"; http_method; content:"/rahul123gautam/my-crazy-skills/raw/refs/heads/main/skills/workflows/skills_crazy_my_1.7.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796080/; classtype:trojan-activity;sid:84659180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796079)"; flow:established,from_client; content:"GET"; http_method; content:"/frank235-alt/zenshellhub/raw/refs/heads/master/static/vendor/hub-zen-shell-v3.9.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796079/; classtype:trojan-activity;sid:84659179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.198.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_14; 
reference:url, urlhaus.abuse.ch/url/3796062/; classtype:trojan-activity;sid:84659162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.214.235.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796063/; classtype:trojan-activity;sid:84659163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796064)"; flow:established,from_client; content:"GET"; http_method; content:"/bioeu/agentic-mcp-skill/raw/refs/heads/master/cli/utils/skill_mc_agentic_woolskin.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796064/; classtype:trojan-activity;sid:84659164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796065)"; flow:established,from_client; content:"GET"; http_method; content:"/taavish2008/nitrogen-bizhawk-ai-agent/raw/refs/heads/main/tests/ai-bizhawk-agent-nitrogen-v3.2-alpha.5.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796065/; classtype:trojan-activity;sid:84659165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796066)"; flow:established,from_client; content:"GET"; http_method; content:"/djordjedacovic/vmux-examples/raw/refs/heads/master/claude/skills/vmux_examples_v2.6.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, 
urlhaus.abuse.ch/url/3796066/; classtype:trojan-activity;sid:84659166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796067)"; flow:established,from_client; content:"GET"; http_method; content:"/ezdanshak/bua/raw/refs/heads/main/screenshot/software-1.4.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796067/; classtype:trojan-activity;sid:84659167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796068)"; flow:established,from_client; content:"GET"; http_method; content:"/frank235-alt/zenshellhub/raw/refs/heads/master/static/zen_shell_hub_2.1.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796068/; classtype:trojan-activity;sid:84659168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796069)"; flow:established,from_client; content:"GET"; http_method; content:"/anzoafk/huobao-drama/raw/refs/heads/master/pkg/logger/huobao_drama_v2.4.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796069/; classtype:trojan-activity;sid:84659169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796071)"; flow:established,from_client; content:"GET"; http_method; content:"/frank235-alt/zenshellhub/refs/heads/master/static/zen_shell_hub_2.1.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, 
urlhaus.abuse.ch/url/3796071/; classtype:trojan-activity;sid:84659171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796072)"; flow:established,from_client; content:"GET"; http_method; content:"/ezdanshak/bua/refs/heads/main/screenshot/software-1.4.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796072/; classtype:trojan-activity;sid:84659172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796073)"; flow:established,from_client; content:"GET"; http_method; content:"/taavish2008/nitrogen-bizhawk-ai-agent/refs/heads/main/tests/ai-bizhawk-agent-nitrogen-v3.2-alpha.5.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796073/; classtype:trojan-activity;sid:84659173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796074)"; flow:established,from_client; content:"GET"; http_method; content:"/xonigashi/ai-coding-kit/refs/heads/master/protocols/coding-kit-ai-v3.9.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796074/; classtype:trojan-activity;sid:84659174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796075)"; flow:established,from_client; content:"GET"; http_method; content:"/bioeu/agentic-mcp-skill/refs/heads/master/cli/utils/skill_mc_agentic_woolskin.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796075/; classtype:trojan-activity;sid:84659175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796076)"; flow:established,from_client; content:"GET"; http_method; content:"/anzoafk/huobao-drama/refs/heads/master/pkg/logger/huobao_drama_v2.4.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796076/; classtype:trojan-activity;sid:84659176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796077)"; flow:established,from_client; content:"GET"; http_method; content:"/frank235-alt/zenshellhub/refs/heads/master/static/vendor/hub-zen-shell-v3.9.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796077/; classtype:trojan-activity;sid:84659177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796078)"; flow:established,from_client; content:"GET"; http_method; content:"/djordjedacovic/vmux-examples/refs/heads/master/claude/skills/vmux_examples_v2.6.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796078/; classtype:trojan-activity;sid:84659178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796058)"; flow:established,from_client; content:"GET"; http_method; content:"/rahul123gautam/my-crazy-skills/refs/heads/main/skills/workflows/skills_crazy_my_1.7.zip"; http_uri; depth:88; isdataat:!1,relative; 
nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796058/; classtype:trojan-activity;sid:84659158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796059)"; flow:established,from_client; content:"GET"; http_method; content:"/dilhansaminda/anti-power/raw/refs/heads/master/tests/scripts/anti-power-v3.1.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796059/; classtype:trojan-activity;sid:84659159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796060)"; flow:established,from_client; content:"GET"; http_method; content:"/dilhansaminda/anti-power/refs/heads/master/tests/scripts/anti-power-v3.1.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796060/; classtype:trojan-activity;sid:84659160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796057)"; flow:established,from_client; content:"GET"; http_method; content:"/tip27ice/git-hunks/refs/heads/main/stomachal/git_hunks_3.4.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796057/; classtype:trojan-activity;sid:84659157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796056)"; flow:established,from_client; content:"GET"; http_method; content:"/tip27ice/git-hunks/raw/refs/heads/main/stomachal/git_hunks_3.4.zip"; http_uri; depth:67; 
isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796056/; classtype:trojan-activity;sid:84659156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796054)"; flow:established,from_client; content:"GET"; http_method; content:"/tip27ice/git-hunks/refs/heads/main/stomachal/hunks-git-v1.0.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796054/; classtype:trojan-activity;sid:84659154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796055)"; flow:established,from_client; content:"GET"; http_method; content:"/tip27ice/git-hunks/raw/refs/heads/main/stomachal/hunks-git-v1.0.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796055/; classtype:trojan-activity;sid:84659155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796052)"; flow:established,from_client; content:"GET"; http_method; content:"/kadochimo/embeddable-rag-chatbot-widget--javascript-cloudflare-workers-fullstack/raw/refs/heads/main/src/stack_script_workers_java_cloudflare_embeddable_full_chatbot_ra_widget_v1.6.zip"; http_uri; depth:185; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796052/; classtype:trojan-activity;sid:84659152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796053)"; flow:established,from_client; content:"GET"; http_method; 
content:"/kadochimo/embeddable-rag-chatbot-widget--javascript-cloudflare-workers-fullstack/refs/heads/main/src/stack_script_workers_java_cloudflare_embeddable_full_chatbot_ra_widget_v1.6.zip"; http_uri; depth:181; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796053/; classtype:trojan-activity;sid:84659153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.27.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796051/; classtype:trojan-activity;sid:84659151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796049)"; flow:established,from_client; content:"GET"; http_method; content:"/alan06121/heartlib-google-colab/refs/heads/main/seme/colab-google-heart-lib-v1.9-beta.1.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796049/; classtype:trojan-activity;sid:84659149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796050)"; flow:established,from_client; content:"GET"; http_method; content:"/alan06121/heartlib-google-colab/raw/refs/heads/main/seme/colab-google-heart-lib-v1.9-beta.1.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796050/; classtype:trojan-activity;sid:84659150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3796048)"; flow:established,from_client; content:"GET"; http_method; content:"/nivedh786/subdown/raw/refs/heads/main/trabeation/software-3.7.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796048/; classtype:trojan-activity;sid:84659148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796047)"; flow:established,from_client; content:"GET"; http_method; content:"/nivedh786/subdown/refs/heads/main/trabeation/software-3.7.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796047/; classtype:trojan-activity;sid:84659147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.243.6.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796046/; classtype:trojan-activity;sid:84659146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796045)"; flow:established,from_client; content:"GET"; http_method; content:"/atharva-netwin/dungeonrng-keylessrun/raw/refs/heads/main/francisca/dungeon_run_keyless_rn_v2.6.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796045/; classtype:trojan-activity;sid:84659145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796044)"; flow:established,from_client; content:"GET"; 
http_method; content:"/atharva-netwin/dungeonrng-keylessrun/refs/heads/main/francisca/dungeon_run_keyless_rn_v2.6.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796044/; classtype:trojan-activity;sid:84659144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796041)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"web-proxy-v.vitasicura.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796041/; classtype:trojan-activity;sid:84659141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796040)"; flow:established,from_client; content:"GET"; http_method; content:"/shippingtechnologymovie/ai/releases/download/123123/updater-win-setup.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796040/; classtype:trojan-activity;sid:84659140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796039)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"srv-cluster-33.vitasicura.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796039/; classtype:trojan-activity;sid:84659139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"117.214.235.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796034/; classtype:trojan-activity;sid:84659134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.23.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796031/; classtype:trojan-activity;sid:84659131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.23.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796030/; classtype:trojan-activity;sid:84659130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796029)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloud-drive-a1.vitasicura.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796029/; classtype:trojan-activity;sid:84659129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796027)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"metrics-core.grossesystem.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796027/; classtype:trojan-activity;sid:84659127; rev:1;) 
# NOTE(review): how to read the rules below (the same template is used throughout this feed).
# - Each rule matches an outbound request only: $HOME_NET -> $EXTERNAL_NET, flow from_client,
#   on the request method, URI and Host. A hit shows that an internal host asked for the URL,
#   not that the payload was delivered; confirm with the response, extracted file or endpoint data.
# - depth:<len> with isdataat:!1,relative on a content of exactly <len> bytes pins the match to
#   the whole buffer: the URI must equal the listed path (nocase follows the URI content, so the
#   path is compared case-insensitively) and the Host must equal the listed host. Any other path
#   or query string on the same host is not covered by these rules.
# - Short paths such as "/i" and "/bin.sh" are only specific because the Host is pinned as well.
# - These are `alert http` rules, so they inspect cleartext HTTP; the same URL fetched over TLS
#   needs decryption ahead of the sensor or a separate match on proxy, DNS or TLS logs.
# - The number in msg and in reference:url is the URLhaus entry id. Check that entry's current
#   status before acting on a hit that arrives long after created_at.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.85.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796026/; classtype:trojan-activity;sid:84659126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.243.6.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796025/; classtype:trojan-activity;sid:84659125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.215.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796023/; classtype:trojan-activity;sid:84659123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.219.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796024/; classtype:trojan-activity;sid:84659124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796022)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dev-test-unit.grossesystem.in.net"; 
http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796022/; classtype:trojan-activity;sid:84659122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.219.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796021/; classtype:trojan-activity;sid:84659121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796020)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"api-v2-master.grossesystem.in.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796020/; classtype:trojan-activity;sid:84659120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796019)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cdn-static-4.grossesystem.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796019/; classtype:trojan-activity;sid:84659119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796018)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vf16.stoppit.in.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796018/; classtype:trojan-activity;sid:84659118; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.199.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796017/; classtype:trojan-activity;sid:84659117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796007)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"climole.stoppit.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796007/; classtype:trojan-activity;sid:84659107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.200.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796006/; classtype:trojan-activity;sid:84659106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796005)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"rzlt.getron.in.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796005/; classtype:trojan-activity;sid:84659105; rev:1;)
# NOTE(review): in the ten "/data/|3f|N" rules below, "|3f|" is the hex
# escape for "?" and decodes to a single byte, so "/data/|3f|7" is 8 bytes
# on the wire. The rules carry depth:11 (depth:12 for "/data/|3f|10"), which
# is the length of the escaped rule text, not of the decoded content.
# isdataat:!1,relative still anchors the end of the URI, but up to three
# arbitrary bytes may precede "/data/". For the exact match the other rules
# in this feed get, depth would be 8 (9 for the "10" variant).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796004)"; flow:established,from_client; content:"GET"; http_method; content:"/data/|3f|7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dl.armour-inc-down.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796004/; classtype:trojan-activity;sid:84659104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795995)"; flow:established,from_client; content:"GET"; http_method; content:"/data/|3f|3"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dl.armour-inc-down.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795995/; classtype:trojan-activity;sid:84659095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795996)"; flow:established,from_client; content:"GET"; http_method; content:"/data/|3f|6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dl.armour-inc-down.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795996/; classtype:trojan-activity;sid:84659096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795997)"; flow:established,from_client; content:"GET"; http_method; content:"/data/|3f|4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dl.armour-inc-down.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795997/; classtype:trojan-activity;sid:84659097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795998)"; flow:established,from_client; content:"GET"; http_method; content:"/data/|3f|10"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"dl.armour-inc-down.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795998/; classtype:trojan-activity;sid:84659098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795999)"; flow:established,from_client; content:"GET"; http_method; content:"/data/|3f|5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dl.armour-inc-down.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795999/; classtype:trojan-activity;sid:84659099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796000)"; flow:established,from_client; content:"GET"; http_method; content:"/data/|3f|1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dl.armour-inc-down.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796000/; classtype:trojan-activity;sid:84659100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796001)"; flow:established,from_client; content:"GET"; http_method; content:"/data/|3f|9"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dl.armour-inc-down.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796001/; classtype:trojan-activity;sid:84659101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796002)"; flow:established,from_client; content:"GET"; http_method; content:"/data/|3f|8"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dl.armour-inc-down.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796002/; classtype:trojan-activity;sid:84659102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796003)"; flow:established,from_client; content:"GET"; http_method; content:"/data/|3f|2"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dl.armour-inc-down.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796003/; classtype:trojan-activity;sid:84659103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.207.128.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795994/; classtype:trojan-activity;sid:84659094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795993)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dshqj1.getron.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795993/; classtype:trojan-activity;sid:84659093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.165.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795992/; classtype:trojan-activity;sid:84659092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.215.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795991/; classtype:trojan-activity;sid:84659091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795990)"; 
flow:established,from_client; content:"GET"; http_method; content:"/4realgg/helper-update1.0/releases/download/update1/mw--58389c35-c76b-46ac-b33e-7efe83b65fda.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795990/; classtype:trojan-activity;sid:84659090; rev:1;)
# NOTE(review): sid 84659090 (github.com, above) and the r2.dev and
# dropboxusercontent.com rules in this group name shared hosting platforms.
# "alert http" inspects cleartext HTTP only. If the listed URL is https://
# (the rule does not record the scheme - TODO confirm on the URLhaus entry),
# the request is invisible to the rule without TLS interception. TLS SNI or
# DNS telemetry would show the host but not the path, and on a shared
# platform the host alone is not an indicator.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795989)"; flow:established,from_client; content:"GET"; http_method; content:"/screenconnect.clientsetup.msi"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"pub-72dca37cb1ce4100a2f8db504cb4502f.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795989/; classtype:trojan-activity;sid:84659089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.255.45.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795988/; classtype:trojan-activity;sid:84659088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.25.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795987/; classtype:trojan-activity;sid:84659087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.100.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795985/; classtype:trojan-activity;sid:84659085; rev:1;)
# The next rule matches a URI of exactly "/" (depth:1, nothing after), so
# any GET for the site root of geo-foundation.vg alerts. In practice this is
# a host-level indicator rather than a file-level one.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795984)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"geo-foundation.vg"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795984/; classtype:trojan-activity;sid:84659082; rev:1;)
any (msg:"URLhaus Known malware download URL detected (3795974)"; flow:established,from_client; content:"GET"; http_method; content:"/wlan.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795974/; classtype:trojan-activity;sid:84659074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795975)"; flow:established,from_client; content:"GET"; http_method; content:"/wlan.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795975/; classtype:trojan-activity;sid:84659075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795972)"; flow:established,from_client; content:"GET"; http_method; content:"/wlan.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795972/; classtype:trojan-activity;sid:84659072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795973)"; flow:established,from_client; content:"GET"; http_method; content:"/wlan.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795973/; classtype:trojan-activity;sid:84659073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.121.161"; http_host; depth:15; isdataat:!1,relative; 
metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795965/; classtype:trojan-activity;sid:84659065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795966)"; flow:established,from_client; content:"GET"; http_method; content:"/wlan.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795966/; classtype:trojan-activity;sid:84659066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795967)"; flow:established,from_client; content:"GET"; http_method; content:"/wlan.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795967/; classtype:trojan-activity;sid:84659067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795968)"; flow:established,from_client; content:"GET"; http_method; content:"/wlan.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795968/; classtype:trojan-activity;sid:84659068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795969)"; flow:established,from_client; content:"GET"; http_method; content:"/wlan.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795969/; classtype:trojan-activity;sid:84659069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795970)"; flow:established,from_client; 
content:"GET"; http_method; content:"/wlan.arc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795970/; classtype:trojan-activity;sid:84659070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795971)"; flow:established,from_client; content:"GET"; http_method; content:"/wlan.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795971/; classtype:trojan-activity;sid:84659071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.66.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795949/; classtype:trojan-activity;sid:84659049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795948)"; flow:established,from_client; content:"GET"; http_method; content:"/download_raw/gnhdrkroldd6ekrc/xeno.png"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"local-host.life"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795948/; classtype:trojan-activity;sid:84659048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.25.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795947/; 
classtype:trojan-activity;sid:84659047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.42.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795946/; classtype:trojan-activity;sid:84659046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795944)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/summer138.apk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"summer138proxel.site"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795944/; classtype:trojan-activity;sid:84659044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795945)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/csplay138.apk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"csplay168.site"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795945/; classtype:trojan-activity;sid:84659045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795943)"; flow:established,from_client; content:"GET"; http_method; content:"/sterling%20global%20credit%20file.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"sterlingglobalcredit.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795943/; classtype:trojan-activity;sid:84659043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795942)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tgp/task769680691003_markend_/movie_app_1773458213152.apk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"d3kuvingv0kz95.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795942/; classtype:trojan-activity;sid:84659042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795941)"; flow:established,from_client; content:"GET"; http_method; content:"/security_document_2025.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"pub-20c44d94ab5743fbb2453666aab8608b.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795941/; classtype:trojan-activity;sid:84659041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795940)"; flow:established,from_client; content:"GET"; http_method; content:"/zoom%20setup.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pub-7a7113e589a343048ed0ffdfeb7cd4a6.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795940/; classtype:trojan-activity;sid:84659040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795938)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.ppc64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.126.209.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795938/; classtype:trojan-activity;sid:84659038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795939)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.mips64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.126.209.218"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795939/; classtype:trojan-activity;sid:84659039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795927)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.rv64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.126.209.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795927/; classtype:trojan-activity;sid:84659027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795928)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.126.209.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795928/; classtype:trojan-activity;sid:84659028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795929)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.arm64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.126.209.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795929/; classtype:trojan-activity;sid:84659029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795930)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.126.209.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795930/; classtype:trojan-activity;sid:84659030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3795931)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.126.209.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795931/; classtype:trojan-activity;sid:84659031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795932)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.126.209.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795932/; classtype:trojan-activity;sid:84659032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795933)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.126.209.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795933/; classtype:trojan-activity;sid:84659033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795934)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.126.209.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795934/; classtype:trojan-activity;sid:84659034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795935)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.x64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.126.209.218"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795935/; classtype:trojan-activity;sid:84659035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795936)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.126.209.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795936/; classtype:trojan-activity;sid:84659036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795937)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.126.209.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795937/; classtype:trojan-activity;sid:84659037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795926)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.223.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795926/; classtype:trojan-activity;sid:84659026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.230.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795924/; classtype:trojan-activity;sid:84659024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795923)"; flow:established,from_client; 
content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.203.38.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795923/; classtype:trojan-activity;sid:84659023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795919)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot_opt.arm64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.126.209.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795919/; classtype:trojan-activity;sid:84659019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795920)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot_opt.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.126.209.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795920/; classtype:trojan-activity;sid:84659020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795921)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot_opt.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.126.209.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795921/; classtype:trojan-activity;sid:84659021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795922)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot_opt.x64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.126.209.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, 
urlhaus.abuse.ch/url/3795922/; classtype:trojan-activity;sid:84659022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795917/; classtype:trojan-activity;sid:84659017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795918)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.126.209.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795918/; classtype:trojan-activity;sid:84659018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.66.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795915/; classtype:trojan-activity;sid:84659015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.164.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795914/; classtype:trojan-activity;sid:84659014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795913)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; 
http_uri; depth:20; isdataat:!1,relative; nocase; content:"sap0-node.zecoko.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795913/; classtype:trojan-activity;sid:84659013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.226.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795912/; classtype:trojan-activity;sid:84659012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.31.201.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795911/; classtype:trojan-activity;sid:84659011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795910)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cube.zecoko.in.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795910/; classtype:trojan-activity;sid:84659010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795909)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"yxngqe.cutlog.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795909/; classtype:trojan-activity;sid:84659009; rev:1;) 
# URLhaus download-URL rules, reflowed to one rule per line with no rule text changed.
#
# Every rule below uses the same template:
#   * "alert http $HOME_NET any -> $EXTERNAL_NET any" with flow:established,from_client
#     matches a client request leaving $HOME_NET, so the alert's source address is the
#     host to triage.
#   * content:"GET"; http_method restricts the rule to GET requests.
#   * content:"<path>"; http_uri; depth:<n>; isdataat:!1,relative; nocase
#     sets depth to the pattern length and isdataat:!1,relative requires that no byte
#     follows the match, so the URI buffer must equal <path> exactly.
#   * content:"<host>"; http_host; depth:<n>; isdataat:!1,relative
#     applies the same exact-match construction to the host buffer. Short paths such
#     as "/i" or "/bin.sh" are only meaningful together with this host match.
#   * msg differs between rules only by the URLhaus entry ID; use sid or the
#     reference:url value to tell alerts apart and to pivot to the URLhaus entry.
#
# Coverage caveats for deployment:
#   * "alert http" only sees traffic the sensor parses as HTTP. A request made over TLS
#     is not inspected unless it is decrypted before it reaches the sensor.
#   * Because both buffers are matched exactly, each rule is a precise indicator hit
#     for one URL, not a detection for a malware family or for the hosting server.
#   * metadata:created_at records when the entry was added; presumably the feed is
#     meant to be refreshed regularly so retired URLs drop out. Confirm your update job.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795908)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"courie-sprou.cutlog.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795908/; classtype:trojan-activity;sid:84659008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.226.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795907/; classtype:trojan-activity;sid:84659007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795906)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"bufferforge.onfloor.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795906/; classtype:trojan-activity;sid:84659006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795905)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mirogv.onfloor.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795905/; classtype:trojan-activity;sid:84659005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.189.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795904/; classtype:trojan-activity;sid:84659004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.189.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795903/; classtype:trojan-activity;sid:84659003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795902)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"alpha2-point.uptrend.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795902/; classtype:trojan-activity;sid:84659002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795900)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7362035837/rbobwhe.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795900/; classtype:trojan-activity;sid:84659000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.111.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795899/; classtype:trojan-activity;sid:84658999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.120.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795898/; classtype:trojan-activity;sid:84658998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795896)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"posteroutlet.getontra.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795896/; classtype:trojan-activity;sid:84658996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.65.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795895/; classtype:trojan-activity;sid:84658995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.117.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795894/; classtype:trojan-activity;sid:84658994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.65.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795892/; classtype:trojan-activity;sid:84658992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795891)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cvk6.freespe.in.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795891/; classtype:trojan-activity;sid:84658991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795890)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8616879702/6klkqz9.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795890/; classtype:trojan-activity;sid:84658990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.129.11.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795889/; classtype:trojan-activity;sid:84658989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.111.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795887/; classtype:trojan-activity;sid:84658987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.8.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795886/; classtype:trojan-activity;sid:84658986; rev:1;)
# NOTE(review): the next rule pins host "github.com". That host normally serves release
# downloads over HTTPS, so this "alert http" rule will likely fire only where TLS is
# decrypted ahead of the sensor. Where it is not, cover this URL from proxy, DNS or
# endpoint telemetry instead of relying on the rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795884)"; flow:established,from_client; content:"GET"; http_method; content:"/tagbitimagine18/word-cracked-2026/releases/download/new/word_16.0.19127_x64.rar"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795884/; classtype:trojan-activity;sid:84658984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.189.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795883/; classtype:trojan-activity;sid:84658983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.8.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795879/; classtype:trojan-activity;sid:84658979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795877)"; flow:established,from_client; content:"GET"; http_method; content:"/reforestgal.vilar-sl_niecopiaausweis.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"80.253.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795877/; classtype:trojan-activity;sid:84658977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.186.141.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795876/; classtype:trojan-activity;sid:84658976; rev:1;)
# Many rules from here on share the host 5.175.223.113, 94.156.152.238 or 94.156.152.233
# and differ only in the path. Several alerts for one of these hosts from the same
# source address are best triaged as a single incident.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795874)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.223.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795874/; classtype:trojan-activity;sid:84658974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795875)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsle"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.175.223.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795875/; classtype:trojan-activity;sid:84658975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795869)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.223.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795869/; classtype:trojan-activity;sid:84658969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795870)"; flow:established,from_client; content:"GET"; http_method; content:"/android_arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.175.223.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795870/; classtype:trojan-activity;sid:84658970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795871)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.175.223.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795871/; classtype:trojan-activity;sid:84658971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795872)"; flow:established,from_client; content:"GET"; http_method; content:"/i386"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.223.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795872/; classtype:trojan-activity;sid:84658972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795865)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.223.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795865/; classtype:trojan-activity;sid:84658965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795868)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/byte.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.175.223.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795868/; classtype:trojan-activity;sid:84658968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795864)"; flow:established,from_client; content:"GET"; http_method; content:"/arm64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"5.175.223.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795864/; classtype:trojan-activity;sid:84658964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795861)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xfr.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.175.223.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795861/; classtype:trojan-activity;sid:84658961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795862)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xfr.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.175.223.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795862/; classtype:trojan-activity;sid:84658962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795860)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.175.223.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795860/; classtype:trojan-activity;sid:84658960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795850)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xfr.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.175.223.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795850/; classtype:trojan-activity;sid:84658950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795852)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xfr.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.175.223.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795852/; classtype:trojan-activity;sid:84658952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795853)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xfr.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.175.223.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795853/; classtype:trojan-activity;sid:84658953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795857)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xfr.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.175.223.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795857/; classtype:trojan-activity;sid:84658957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.23.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795858/; classtype:trojan-activity;sid:84658958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795859)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.175.223.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795859/; classtype:trojan-activity;sid:84658959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795849)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795849/; classtype:trojan-activity;sid:84658949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795846)"; flow:established,from_client; content:"GET"; http_method; content:"/android_arm64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.175.223.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795846/; classtype:trojan-activity;sid:84658946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795847)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795847/; classtype:trojan-activity;sid:84658947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795848)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795848/; classtype:trojan-activity;sid:84658948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795845)"; flow:established,from_client; content:"GET"; http_method; content:"/amd64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"5.175.223.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795845/; classtype:trojan-activity;sid:84658945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795841)"; flow:established,from_client; content:"GET"; http_method; content:"/private/r.vbs"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.165.45.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795841/; classtype:trojan-activity;sid:84658941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795843)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795843/; classtype:trojan-activity;sid:84658943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795844)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.175.223.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795844/; classtype:trojan-activity;sid:84658944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795837)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795837/; classtype:trojan-activity;sid:84658937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795838)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795838/; classtype:trojan-activity;sid:84658938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795833)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795833/; classtype:trojan-activity;sid:84658933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795834)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795834/; classtype:trojan-activity;sid:84658934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795827)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/byte.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.175.223.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795827/; classtype:trojan-activity;sid:84658927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795828)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xfr.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.175.223.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795828/; classtype:trojan-activity;sid:84658928; rev:1;)
# NOTE(review): the URI pattern in the next rule contains literal "%20" sequences, and
# depth:51 counts that encoded form. Suricata documents http_uri as the normalized URI
# and points matches on a literal "%20" at the raw URI buffer instead, so this rule may
# not fire as written. Validate it against a test capture on your engine before counting
# this URL as covered.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795830)"; flow:established,from_client; content:"GET"; http_method; content:"/quick_access/completed%20interior%20design.pdf.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"213.165.45.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795830/; classtype:trojan-activity;sid:84658930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795831)"; flow:established,from_client; content:"GET"; http_method; content:"/ausweis.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"80.253.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795831/; classtype:trojan-activity;sid:84658931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.164.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795825/; classtype:trojan-activity;sid:84658925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795826)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pspc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795826/; classtype:trojan-activity;sid:84658926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795823)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795823/; classtype:trojan-activity;sid:84658923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795824)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795824/; classtype:trojan-activity;sid:84658924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795820)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.175.223.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795820/; classtype:trojan-activity;sid:84658920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795790)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.152.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795790/; classtype:trojan-activity;sid:84658890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795791)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.152.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795791/; classtype:trojan-activity;sid:84658891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795793)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.152.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795793/; classtype:trojan-activity;sid:84658893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795794)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.152.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795794/; classtype:trojan-activity;sid:84658894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795795)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.152.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795795/; classtype:trojan-activity;sid:84658895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795796)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.152.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795796/; classtype:trojan-activity;sid:84658896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795797)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.152.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795797/; classtype:trojan-activity;sid:84658897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795798)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.152.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795798/; classtype:trojan-activity;sid:84658898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795799)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.152.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795799/; classtype:trojan-activity;sid:84658899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795800)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.152.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795800/; classtype:trojan-activity;sid:84658900; rev:1;)
# Reading these rules: each one alerts on an outbound ($HOME_NET -> $EXTERNAL_NET)
# HTTP GET on an established flow. depth:N equals the length of the content
# string and isdataat:!1,relative requires that no byte follows the match, so
# the URI buffer must be exactly the listed path (case-insensitive via nocase)
# and the Host buffer must be exactly the listed value. Both matches must hold;
# short paths such as /i are only meaningful together with the Host match.
# The number in msg and reference is the URLhaus entry to open when triaging a hit.
# NOTE(review): whether a Host header that carries an explicit port still
# matches depends on how the engine fills http_host — confirm on your version.
# NOTE(review): every rule here carries created_at 2026_03_14; bare-IP
# indicators go stale, so plan to age rules out by that date.
#
# Host 94.156.152.233 — /bins/space.<suffix> and /1.sh
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795801)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.152.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795801/; classtype:trojan-activity;sid:84658901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795802)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.152.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795802/; classtype:trojan-activity;sid:84658902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795803)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.152.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795803/; classtype:trojan-activity;sid:84658903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795804)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.152.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795804/; classtype:trojan-activity;sid:84658904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795809)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"94.156.152.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795809/; classtype:trojan-activity;sid:84658909; rev:1;)
# Host pornily.ai (domain indicator) — /bins/violet<suffix>
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795788)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetm68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"pornily.ai"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795788/; classtype:trojan-activity;sid:84658888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795786)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetarm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pornily.ai"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795786/; classtype:trojan-activity;sid:84658886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795787)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetarm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"pornily.ai"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795787/; classtype:trojan-activity;sid:84658887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795784)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetmpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"pornily.ai"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795784/; classtype:trojan-activity;sid:84658884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795785)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetsh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pornily.ai"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795785/; classtype:trojan-activity;sid:84658885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795778)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetspc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pornily.ai"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795778/; classtype:trojan-activity;sid:84658878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795779)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetx86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pornily.ai"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795779/; classtype:trojan-activity;sid:84658879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795780)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetarm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"pornily.ai"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795780/; classtype:trojan-activity;sid:84658880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795781)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetarm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"pornily.ai"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795781/; classtype:trojan-activity;sid:84658881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795782)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pornily.ai"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795782/; classtype:trojan-activity;sid:84658882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795783)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetmips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"pornily.ai"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795783/; classtype:trojan-activity;sid:84658883; rev:1;)
# Host 45.84.222.22 — /bins/p<suffix>
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795777)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.84.222.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795777/; classtype:trojan-activity;sid:84658877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795767)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.84.222.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795767/; classtype:trojan-activity;sid:84658867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795768)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.84.222.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795768/; classtype:trojan-activity;sid:84658868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795769)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.84.222.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795769/; classtype:trojan-activity;sid:84658869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795770)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.84.222.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795770/; classtype:trojan-activity;sid:84658870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795771)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.84.222.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795771/; classtype:trojan-activity;sid:84658871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795772)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.84.222.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795772/; classtype:trojan-activity;sid:84658872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795773)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.84.222.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795773/; classtype:trojan-activity;sid:84658873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795774)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.84.222.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795774/; classtype:trojan-activity;sid:84658874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795775)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.84.222.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795775/; classtype:trojan-activity;sid:84658875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795776)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pspc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.84.222.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795776/; classtype:trojan-activity;sid:84658876; rev:1;)
# Host 176.65.139.48 — /sora.<suffix>, /android, and p<suffix> names both at the
# web root and under /bins/
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795766)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795766/; classtype:trojan-activity;sid:84658866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795757)"; flow:established,from_client; content:"GET"; http_method; content:"/android"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795757/; classtype:trojan-activity;sid:84658857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795758)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795758/; classtype:trojan-activity;sid:84658858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795759)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795759/; classtype:trojan-activity;sid:84658859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795760)"; flow:established,from_client; content:"GET"; http_method; content:"/pmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795760/; classtype:trojan-activity;sid:84658860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795761)"; flow:established,from_client; content:"GET"; http_method; content:"/pmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795761/; classtype:trojan-activity;sid:84658861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795762)"; flow:established,from_client; content:"GET"; http_method; content:"/parm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795762/; classtype:trojan-activity;sid:84658862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795763)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795763/; classtype:trojan-activity;sid:84658863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795764)"; flow:established,from_client; content:"GET"; http_method; content:"/px86"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795764/; classtype:trojan-activity;sid:84658864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795765)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795765/; classtype:trojan-activity;sid:84658865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795751)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795751/; classtype:trojan-activity;sid:84658851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795752)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795752/; classtype:trojan-activity;sid:84658852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795753)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795753/; classtype:trojan-activity;sid:84658853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795754)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795754/; classtype:trojan-activity;sid:84658854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795755)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795755/; classtype:trojan-activity;sid:84658855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795756)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795756/; classtype:trojan-activity;sid:84658856; rev:1;)
# Bare-IP hosts serving /i or /bin.sh. Several IPs appear twice, once per path
# (for example 119.183.0.94 and 175.147.153.201), so hits on either sid for the
# same host are worth correlating.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.189.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795750/; classtype:trojan-activity;sid:84658850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.164.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795748/; classtype:trojan-activity;sid:84658848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.239.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795747/; classtype:trojan-activity;sid:84658847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.153.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795743/; classtype:trojan-activity;sid:84658843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.183.0.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795742/; classtype:trojan-activity;sid:84658842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.141.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795739/; classtype:trojan-activity;sid:84658839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.249.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795737/; classtype:trojan-activity;sid:84658837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.190.19.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795735/; classtype:trojan-activity;sid:84658835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.183.0.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795733/; classtype:trojan-activity;sid:84658833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.91.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795731/; classtype:trojan-activity;sid:84658831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.153.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795730/; classtype:trojan-activity;sid:84658830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.249.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795727/; classtype:trojan-activity;sid:84658827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.190.19.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795726/; classtype:trojan-activity;sid:84658826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.141.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795725/; classtype:trojan-activity;sid:84658825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.85.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795721/; classtype:trojan-activity;sid:84658821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.85.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795706/; classtype:trojan-activity;sid:84658806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"108.168.0.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795705/; classtype:trojan-activity;sid:84658805; rev:1;)
# Shared code-hosting hosts (github.com, raw.githubusercontent.com): the Host
# match alone is not an indicator here; the full repository/file path is.
# NOTE(review): these hosts are normally fetched over HTTPS, where an
# `alert http` rule sees nothing unless TLS is decrypted ahead of the sensor —
# confirm these rules have any visibility in your deployment.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795700)"; flow:established,from_client; content:"GET"; http_method; content:"/bannerchameleonaura/excel-free-cracked-2026/releases/download/new/excelsetup_2026_x64.rar"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795700/; classtype:trojan-activity;sid:84658800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795698)"; flow:established,from_client; content:"GET"; http_method; content:"/omernizam/aitopia-chrome-extension-cracked/refs/heads/main/histomorphologically/extension-chrome-aitopi-cracked-v2.6.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795698/; classtype:trojan-activity;sid:84658798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795697)"; flow:established,from_client; content:"GET"; http_method; content:"/omernizam/aitopia-chrome-extension-cracked/raw/refs/heads/main/histomorphologically/extension-chrome-aitopi-cracked-v2.6.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795697/; classtype:trojan-activity;sid:84658797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795695)"; flow:established,from_client; content:"GET"; http_method; content:"/simpotnii-2000se0/-photoshop-bestcracked-2026/releases/download/new/photoshop_2026-x64-setup.rar"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795695/; classtype:trojan-activity;sid:84658795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795694)"; flow:established,from_client; content:"GET"; http_method; content:"/harshitjhajharia/word-free-cracked-desktop-2026/raw/refs/heads/main/word_16.0.19127_x64.rar"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795694/; classtype:trojan-activity;sid:84658794; rev:1;)
# Bare-IP hosts again: /i, /bin.sh and one /i.sh
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.81.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795690/; classtype:trojan-activity;sid:84658790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"199.16.59.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795689/; classtype:trojan-activity;sid:84658789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"199.16.59.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795685/; classtype:trojan-activity;sid:84658785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.81.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795683/; classtype:trojan-activity;sid:84658783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.152.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795682/; classtype:trojan-activity;sid:84658782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.152.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795680/; classtype:trojan-activity;sid:84658780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.23.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795679/; classtype:trojan-activity;sid:84658779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.12.192.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795678/; classtype:trojan-activity;sid:84658778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.236.46.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795674/; classtype:trojan-activity;sid:84658774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.248.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795668/; classtype:trojan-activity;sid:84658768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.68.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795667/; classtype:trojan-activity;sid:84658767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.24.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795665/; classtype:trojan-activity;sid:84658765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.68.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795663/; classtype:trojan-activity;sid:84658763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.216.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795659/; classtype:trojan-activity;sid:84658759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.236.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795658/; classtype:trojan-activity;sid:84658758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.49.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795639/; classtype:trojan-activity;sid:84658739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795625)"; flow:established,from_client; content:"GET"; http_method; content:"/i.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795625/; classtype:trojan-activity;sid:84658725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795612)"; 
flow:established,from_client; content:"GET"; http_method; content:"/all.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.228.157.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795612/; classtype:trojan-activity;sid:84658712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.42.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795609/; classtype:trojan-activity;sid:84658709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.236.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795604/; classtype:trojan-activity;sid:84658704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.216.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795603/; classtype:trojan-activity;sid:84658703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.22.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795599/; 
classtype:trojan-activity;sid:84658699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.5.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795598/; classtype:trojan-activity;sid:84658698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.77.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795596/; classtype:trojan-activity;sid:84658696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.5.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795595/; classtype:trojan-activity;sid:84658695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.35.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795594/; classtype:trojan-activity;sid:84658694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.35.89"; 
http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795592/; classtype:trojan-activity;sid:84658692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.161.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795591/; classtype:trojan-activity;sid:84658691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.78.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795588/; classtype:trojan-activity;sid:84658688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.22.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795584/; classtype:trojan-activity;sid:84658684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.78.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795583/; classtype:trojan-activity;sid:84658683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795580)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.226.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795580/; classtype:trojan-activity;sid:84658680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.221.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795576/; classtype:trojan-activity;sid:84658676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.221.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795574/; classtype:trojan-activity;sid:84658674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.84.214.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795570/; classtype:trojan-activity;sid:84658670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.23.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795568/; 
classtype:trojan-activity;sid:84658668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.40.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795565/; classtype:trojan-activity;sid:84658665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.40.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795562/; classtype:trojan-activity;sid:84658662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.17.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795561/; classtype:trojan-activity;sid:84658661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.103.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795560/; classtype:trojan-activity;sid:84658660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"123.190.17.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795558/; classtype:trojan-activity;sid:84658658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.232.61.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795557/; classtype:trojan-activity;sid:84658657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.108.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795556/; classtype:trojan-activity;sid:84658656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.232.61.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795554/; classtype:trojan-activity;sid:84658654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.88.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795553/; classtype:trojan-activity;sid:84658653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3795551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.164.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795551/; classtype:trojan-activity;sid:84658651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.108.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795549/; classtype:trojan-activity;sid:84658649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.214.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795550/; classtype:trojan-activity;sid:84658650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.145.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795548/; classtype:trojan-activity;sid:84658648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.214.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795546/; 
classtype:trojan-activity;sid:84658646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.77.228.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795543/; classtype:trojan-activity;sid:84658643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.205.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795542/; classtype:trojan-activity;sid:84658642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.164.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795541/; classtype:trojan-activity;sid:84658641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.77.228.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795536/; classtype:trojan-activity;sid:84658636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"115.50.205.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795533/; classtype:trojan-activity;sid:84658633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.87.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795526/; classtype:trojan-activity;sid:84658626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.87.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795522/; classtype:trojan-activity;sid:84658622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.117.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795520/; classtype:trojan-activity;sid:84658620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.29.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795501/; classtype:trojan-activity;sid:84658601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3795500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.202.90.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795500/; classtype:trojan-activity;sid:84658600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.89.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795490/; classtype:trojan-activity;sid:84658590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.29.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795488/; classtype:trojan-activity;sid:84658588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.202.90.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795486/; classtype:trojan-activity;sid:84658586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795483)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.89.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795483/; 
classtype:trojan-activity;sid:84658583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.229.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795479/; classtype:trojan-activity;sid:84658579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.24.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795474/; classtype:trojan-activity;sid:84658574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.110.15.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795473/; classtype:trojan-activity;sid:84658573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.106.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795472/; classtype:trojan-activity;sid:84658572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.118.192"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795470/; classtype:trojan-activity;sid:84658570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.229.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795471/; classtype:trojan-activity;sid:84658571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.118.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795467/; classtype:trojan-activity;sid:84658567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.106.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795461/; classtype:trojan-activity;sid:84658561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.250.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795459/; classtype:trojan-activity;sid:84658559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795458)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.6.169.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795458/; classtype:trojan-activity;sid:84658558; rev:1;)
# "/verification.google" appears below on two different subdomains of
# kaltesystem.in.net. Each rule matches one exact Host value (depth equals the
# content length and isdataat:!1,relative forbids trailing bytes), so another
# subdomain serving the same path is not covered until the feed lists it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795457)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"user-auth-v8.kaltesystem.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795457/; classtype:trojan-activity;sid:84658557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.81.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795456/; classtype:trojan-activity;sid:84658556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.56.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795455/; classtype:trojan-activity;sid:84658555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.252.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795451/; classtype:trojan-activity;sid:84658551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.250.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795450/; classtype:trojan-activity;sid:84658550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795449)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"core-shell-11.kaltesystem.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795449/; classtype:trojan-activity;sid:84658549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.252.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795448/; classtype:trojan-activity;sid:84658548; rev:1;)
# NOTE(review): github.com is normally reached over HTTPS, so this cleartext
# `alert http` signature presumably only fires where TLS is decrypted upstream
# of the sensor - confirm sensor placement before counting it as coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795447)"; flow:established,from_client; content:"GET"; http_method; content:"/aemmr/silentum-spoofer/raw/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795447/; classtype:trojan-activity;sid:84658547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795446)";
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.68.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795446/; classtype:trojan-activity;sid:84658546; rev:1;)
# Exact-host match: depth equals the Host content length and
# isdataat:!1,relative forbids trailing bytes, so only this one subdomain of
# kaltesystem.in.net is covered by the rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795444)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"alpha-trace-x.kaltesystem.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795444/; classtype:trojan-activity;sid:84658544; rev:1;)
# NOTE(review): the URI content decodes to 22 bytes (|3f| is the single byte
# "?"), but depth is 25, which is the length of the escaped rule text. The rule
# still loads, yet the URI match is no longer anchored at offset 0: up to three
# leading bytes are tolerated before the pattern. depth:22 would make it an
# exact match like the neighbouring rules - looks like a generator artefact,
# worth reporting upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795443)"; flow:established,from_client; content:"GET"; http_method; content:"/data/|3f|kiddionsmodmenu"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"dl.armour-inc-down.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795443/; classtype:trojan-activity;sid:84658543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795442)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"point-entry-1.mondoluce.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795442/; classtype:trojan-activity;sid:84658542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.89.172"; http_host; depth:12; isdataat:!1,relative;
metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795441/; classtype:trojan-activity;sid:84658541; rev:1;)
# One rule per line. Every rule is an exact URI + exact host match on an outbound GET.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795440)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"data-base-v4.mondoluce.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795440/; classtype:trojan-activity;sid:84658540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"173.28.103.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795439/; classtype:trojan-activity;sid:84658539; rev:1;)
# The next two rules list launcher.zip under /stepheen/ on two GitHub hostnames
# (raw.githubusercontent.com and github.com).
# NOTE(review): both hosts are normally served over HTTPS, so these `alert http`
# rules only fire where the sensor sees the request in cleartext or decrypted --
# confirm TLS inspection coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795438)"; flow:established,from_client; content:"GET"; http_method; content:"/stepheen/raw/refs/heads/main/launcher.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795438/; classtype:trojan-activity;sid:84658538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795437)"; flow:established,from_client; content:"GET"; http_method; content:"/stepheen/raw/raw/refs/heads/main/launcher.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795437/; classtype:trojan-activity;sid:84658537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any
(msg:"URLhaus Known malware download URL detected (3795436)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"base-infra-5.mondoluce.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795436/; classtype:trojan-activity;sid:84658536; rev:1;)
# One rule per line. The action is `alert` throughout: these rules report a request,
# they do not block it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.68.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795434/; classtype:trojan-activity;sid:84658534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.144.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795433/; classtype:trojan-activity;sid:84658533; rev:1;)
# NOTE(review): host github.com is normally reached over HTTPS; this `alert http`
# rule only fires where the request is visible to the sensor in cleartext or after
# decryption -- confirm TLS inspection coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795432)"; flow:established,from_client; content:"GET"; http_method; content:"/swissmet/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795432/; classtype:trojan-activity;sid:84658532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.218.246";
http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795431/; classtype:trojan-activity;sid:84658531; rev:1;)
# One rule per line.
# NOTE(review): the next rule keys on host github.com, normally reached over HTTPS;
# an `alert http` rule only fires where the sensor sees the request in cleartext or
# decrypted -- confirm TLS inspection coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795430)"; flow:established,from_client; content:"GET"; http_method; content:"/idlecash/silentum-spoofer/raw/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795430/; classtype:trojan-activity;sid:84658530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795429)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"global-net-2.mondoluce.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795429/; classtype:trojan-activity;sid:84658529; rev:1;)
# /bin.sh on bare-IP hosts: the host content is the IP literal, matched in full.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"173.28.103.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795428/; classtype:trojan-activity;sid:84658528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.89.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795427/; classtype:trojan-activity;sid:84658527; rev:1;)
alert http $HOME_NET any ->
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.175.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795425/; classtype:trojan-activity;sid:84658525; rev:1;)
# One rule per line. content:"GET"; http_method limits every rule to GET requests;
# the same URL fetched with another method is not covered by these rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795426)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"local-hub-sec.espacerapide.in.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795426/; classtype:trojan-activity;sid:84658526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.237.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795424/; classtype:trojan-activity;sid:84658524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.144.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795423/; classtype:trojan-activity;sid:84658523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.242.166"; http_host; depth:15;
isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795422/; classtype:trojan-activity;sid:84658522; rev:1;)
# One rule per line. The /verification.google rules share one path and differ only in
# the pinned hostname; a sibling hostname that is not listed will not match, so
# consider a proxy/DNS log search on the path as a complement to these rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795421)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"work-flow-v3.espacerapide.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795421/; classtype:trojan-activity;sid:84658521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.12.205.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795420/; classtype:trojan-activity;sid:84658520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795419)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8012574236/4ammua4.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795419/; classtype:trojan-activity;sid:84658519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795418)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"office-link-1.espacerapide.in.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795418/; classtype:trojan-activity;sid:84658518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any
(msg:"URLhaus Known malware download URL detected (3795417)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"internal-dns-2.vitagrazia.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795417/; classtype:trojan-activity;sid:84658517; rev:1;)
# One rule per line. nocase is written after isdataat; it is presumably applied to
# the preceding http_uri content, so the URI comparison is case-insensitive --
# NOTE(review): confirm on the engine version in use.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.175.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795416/; classtype:trojan-activity;sid:84658516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.75.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795415/; classtype:trojan-activity;sid:84658515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.93.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795414/; classtype:trojan-activity;sid:84658514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.242.166"; http_host; depth:15; isdataat:!1,relative;
metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795413/; classtype:trojan-activity;sid:84658513; rev:1;)
# One rule per line. The rules below all pin host 176.65.139.48 and differ only in the
# URI (/i686, /arm5, /arm, /mips); the names look like CPU architectures, presumably
# one file per platform -- each path needs its own exact-match rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795411)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795411/; classtype:trojan-activity;sid:84658511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795412)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795412/; classtype:trojan-activity;sid:84658512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795410)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795410/; classtype:trojan-activity;sid:84658510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795404)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795404/; classtype:trojan-activity;sid:84658504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795405)"; flow:established,from_client; content:"GET"; http_method;
content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795405/; classtype:trojan-activity;sid:84658505; rev:1;)
# One rule per line. All rules here pin host 176.65.139.48 with a different
# architecture-style file name (/i586, /arm6, /arm7, /x86_64). Because each rule is an
# exact URI match, a file name that is not listed on this host will not alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795406)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795406/; classtype:trojan-activity;sid:84658506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795407)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795407/; classtype:trojan-activity;sid:84658507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795408)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795408/; classtype:trojan-activity;sid:84658508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795409)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795409/; classtype:trojan-activity;sid:84658509; rev:1;)
alert http $HOME_NET any ->
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.196.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795403/; classtype:trojan-activity;sid:84658503; rev:1;)
# One rule per line. flow:established,from_client with $HOME_NET -> $EXTERNAL_NET
# means only client requests leaving the protected network are inspected.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.12.205.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795402/; classtype:trojan-activity;sid:84658502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.75.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795401/; classtype:trojan-activity;sid:84658501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795400)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cache-dist-5.vitagrazia.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795400/; classtype:trojan-activity;sid:84658500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.186.231.184"; http_host; depth:15;
isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795398/; classtype:trojan-activity;sid:84658498; rev:1;)
# One rule per line. In most rules depth equals the content length, which together
# with isdataat:!1,relative makes the match an exact string comparison.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.93.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795399/; classtype:trojan-activity;sid:84658499; rev:1;)
# The host below is github.guru, a different domain from the github.com entries
# elsewhere in this ruleset.
# NOTE(review): the URI content decodes to 29 bytes (|3f| is the single byte "?"),
# but depth is 32 -- the length of the escaped text. The match may therefore begin up
# to 3 bytes into the URI instead of being anchored at offset 0. depth:29 would
# restore the exact match; this looks like a generator artefact -- confirm with the
# feed maintainer rather than editing the local copy.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795397)"; flow:established,from_client; content:"GET"; http_method; content:"/s/poyrqqgf|3f|repo_name=.github"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"github.guru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795397/; classtype:trojan-activity;sid:84658497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.253.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795396/; classtype:trojan-activity;sid:84658496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.65.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795395/; classtype:trojan-activity;sid:84658495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795394)";
flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"backend-core-x.vitagrazia.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795394/; classtype:trojan-activity;sid:84658494; rev:1;)
# One rule per line. Short URIs such as /i are safe to match only because the host
# content is also pinned in full; neither content is meaningful on its own.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.196.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795393/; classtype:trojan-activity;sid:84658493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.171.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795392/; classtype:trojan-activity;sid:84658492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.237.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795391/; classtype:trojan-activity;sid:84658491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.50.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url,
urlhaus.abuse.ch/url/3795390/; classtype:trojan-activity;sid:84658490; rev:1;)
# One rule per line. Each rule carries its URLhaus entry in reference:url and in the
# msg id, which is the place to check whether the listed URL is still active before
# acting on an alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.240.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795389/; classtype:trojan-activity;sid:84658489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795388)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"remote-access-v1.vitagrazia.in.net"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795388/; classtype:trojan-activity;sid:84658488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.89.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795387/; classtype:trojan-activity;sid:84658487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795386)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7115306239/fcfbedc.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795386/; classtype:trojan-activity;sid:84658486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795385)"; flow:established,from_client; content:"GET";
http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.186.231.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795385/; classtype:trojan-activity;sid:84658485; rev:1;)
# One rule per line. Every rule is an exact URI + exact host match on an outbound GET
# (depth equals the content length; isdataat:!1,relative forbids trailing bytes).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.253.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795384/; classtype:trojan-activity;sid:84658484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795383)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"app-data-log.fortezzablu.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795383/; classtype:trojan-activity;sid:84658483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.50.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795382/; classtype:trojan-activity;sid:84658482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795381)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"web-proxy-88.fortezzablu.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url,
urlhaus.abuse.ch/url/3795381/; classtype:trojan-activity;sid:84658481; rev:1;)
# One rule per line. Hosts given as IP literals are matched as the exact string in
# the http_host buffer; hostnames under fortezzablu.in.net are pinned one per rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795380/; classtype:trojan-activity;sid:84658480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795379)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"srv-cluster-7.fortezzablu.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795379/; classtype:trojan-activity;sid:84658479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.18.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795378/; classtype:trojan-activity;sid:84658478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.115.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795377/; classtype:trojan-activity;sid:84658477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795376)"; flow:established,from_client; content:"GET"; http_method;
content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloud-storage-b.fortezzablu.in.net"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795376/; classtype:trojan-activity;sid:84658476; rev:1;)
# One rule per line. The action is `alert` throughout: these rules report a matching
# request, they do not block it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.115.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795375/; classtype:trojan-activity;sid:84658475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.251.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795374/; classtype:trojan-activity;sid:84658474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795373)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dev-test-node.sturmwelle.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795373/; classtype:trojan-activity;sid:84658473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.18.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795372/;
classtype:trojan-activity;sid:84658472; rev:1;)
# One rule per line. content:"GET"; http_method limits every rule to GET requests.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.211.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795371/; classtype:trojan-activity;sid:84658471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.251.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795370/; classtype:trojan-activity;sid:84658470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.38.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795369/; classtype:trojan-activity;sid:84658469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795368)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cdn-static-2.sturmwelle.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795368/; classtype:trojan-activity;sid:84658468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2;
isdataat:!1,relative; nocase; content:"125.41.224.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795367/; classtype:trojan-activity;sid:84658467; rev:1;)
# One rule per line. Every rule is an exact URI + exact host match on an outbound GET
# (depth equals the content length; isdataat:!1,relative forbids trailing bytes).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795366)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"zendraix.stayflat.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795366/; classtype:trojan-activity;sid:84658466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.211.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795365/; classtype:trojan-activity;sid:84658465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.185.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795364/; classtype:trojan-activity;sid:84658464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.38.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795363/; classtype:trojan-activity;sid:84658463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET
any (msg:"URLhaus Known malware download URL detected (3795362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.231.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795362/; classtype:trojan-activity;sid:84658462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795361)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"exposedemand.stayflat.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795361/; classtype:trojan-activity;sid:84658461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.250.238.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795360/; classtype:trojan-activity;sid:84658460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.224.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795359/; classtype:trojan-activity;sid:84658459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.177.98.26"; http_host; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795358/; classtype:trojan-activity;sid:84658458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.16.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795357/; classtype:trojan-activity;sid:84658457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795356)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"organizecourier.stayflat.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795356/; classtype:trojan-activity;sid:84658456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795355)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"marshlagoon.stayflat.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795355/; classtype:trojan-activity;sid:84658455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.178.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795354/; classtype:trojan-activity;sid:84658454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795353)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.115.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795353/; classtype:trojan-activity;sid:84658453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.250.238.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795352/; classtype:trojan-activity;sid:84658452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.246.15.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795351/; classtype:trojan-activity;sid:84658451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.105.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795350/; classtype:trojan-activity;sid:84658450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795349)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"otyhyn.gorun.in.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795349/; 
classtype:trojan-activity;sid:84658449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"210.97.100.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795348/; classtype:trojan-activity;sid:84658448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.16.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795347/; classtype:trojan-activity;sid:84658447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.227.85.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795346/; classtype:trojan-activity;sid:84658446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.88.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795345/; classtype:trojan-activity;sid:84658445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"59.97.178.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795344/; classtype:trojan-activity;sid:84658444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795343)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"delivelagoo.gorun.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795343/; classtype:trojan-activity;sid:84658443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795342)"; flow:established,from_client; content:"GET"; http_method; content:"/ohno.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.141.26.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795342/; classtype:trojan-activity;sid:84658442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.97.100.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795341/; classtype:trojan-activity;sid:84658441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.15.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795340/; classtype:trojan-activity;sid:84658440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3795339)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"opticparcel.gorun.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795339/; classtype:trojan-activity;sid:84658439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.105.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795338/; classtype:trojan-activity;sid:84658438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795337)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"k97iydxz.gorun.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795337/; classtype:trojan-activity;sid:84658437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795336)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tri-nexos.gontake.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795336/; classtype:trojan-activity;sid:84658436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.88.34"; http_host; depth:12; 
isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795335/; classtype:trojan-activity;sid:84658435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.27.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795334/; classtype:trojan-activity;sid:84658434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.27.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795333/; classtype:trojan-activity;sid:84658433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795332)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"visuavital.gontake.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795332/; classtype:trojan-activity;sid:84658432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.115.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795331/; classtype:trojan-activity;sid:84658431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795330)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.95.214.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795330/; classtype:trojan-activity;sid:84658430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.235.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795329/; classtype:trojan-activity;sid:84658429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795328)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"48leal.gontake.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795328/; classtype:trojan-activity;sid:84658428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795327)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/dqzayuy.msi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795327/; classtype:trojan-activity;sid:84658427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.84.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, 
urlhaus.abuse.ch/url/3795326/; classtype:trojan-activity;sid:84658426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.235.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795325/; classtype:trojan-activity;sid:84658425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.60.181.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795324/; classtype:trojan-activity;sid:84658424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.88.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795323/; classtype:trojan-activity;sid:84658423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.230.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795322/; classtype:trojan-activity;sid:84658422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"42.239.230.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795321/; classtype:trojan-activity;sid:84658421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.115.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795320/; classtype:trojan-activity;sid:84658420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.103.86.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795319/; classtype:trojan-activity;sid:84658419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.147.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795318/; classtype:trojan-activity;sid:84658418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795317)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1781548144/okr3iq0.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795317/; classtype:trojan-activity;sid:84658417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3795316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.100.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795316/; classtype:trojan-activity;sid:84658416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.242.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795315/; classtype:trojan-activity;sid:84658415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.14.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795314/; classtype:trojan-activity;sid:84658414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795313)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8468794285/dsbzqk0.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795313/; classtype:trojan-activity;sid:84658413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.115.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 
2026_03_13; reference:url, urlhaus.abuse.ch/url/3795312/; classtype:trojan-activity;sid:84658412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795311)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.147.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795311/; classtype:trojan-activity;sid:84658411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.147.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795310/; classtype:trojan-activity;sid:84658410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.181.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795309/; classtype:trojan-activity;sid:84658409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.103.86.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795308/; classtype:trojan-activity;sid:84658408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.242.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795307/; classtype:trojan-activity;sid:84658407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.240.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795306/; classtype:trojan-activity;sid:84658406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795305)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8535406641/ayrs45o.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795305/; classtype:trojan-activity;sid:84658405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.147.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795304/; classtype:trojan-activity;sid:84658404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.14.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795303/; classtype:trojan-activity;sid:84658403; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.240.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795302/; classtype:trojan-activity;sid:84658402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.126.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795301/; classtype:trojan-activity;sid:84658401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.253.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795299/; classtype:trojan-activity;sid:84658399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.40.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795300/; classtype:trojan-activity;sid:84658400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795298)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8167064937/bb3ugoe.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; 
isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795298/; classtype:trojan-activity;sid:84658398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.65.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795297/; classtype:trojan-activity;sid:84658397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.60.181.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795296/; classtype:trojan-activity;sid:84658396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.126.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795295/; classtype:trojan-activity;sid:84658395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795294)"; flow:established,from_client; content:"GET"; http_method; content:"/9cca20c6df659f72/m_cpt1267381.bin"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"172.94.9.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795294/; classtype:trojan-activity;sid:84658394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795293)"; 
flow:established,from_client; content:"GET"; http_method; content:"/curl/cebf178be06dfca56487bdc83ca5c28340b4a3da0f157128bac6142cad1b36be"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"woupp.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795293/; classtype:trojan-activity;sid:84658393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.255.106.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795292/; classtype:trojan-activity;sid:84658392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.40.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795291/; classtype:trojan-activity;sid:84658391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.65.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795290/; classtype:trojan-activity;sid:84658390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.199.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; 
reference:url, urlhaus.abuse.ch/url/3795289/; classtype:trojan-activity;sid:84658389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.255.106.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795288/; classtype:trojan-activity;sid:84658388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.230.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795287/; classtype:trojan-activity;sid:84658387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.84.213.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795286/; classtype:trojan-activity;sid:84658386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.230.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795285/; classtype:trojan-activity;sid:84658385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795283)"; flow:established,from_client; content:"GET"; http_method; 
content:"/oxpdxnaob113/assets/js/0twxt1rqmy"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"46.151.182.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795283/; classtype:trojan-activity;sid:84658383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795284)"; flow:established,from_client; content:"GET"; http_method; content:"/oxpdxnaob113/assets/js/a7nuhf01jq"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"46.151.182.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795284/; classtype:trojan-activity;sid:84658384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795280)"; flow:established,from_client; content:"GET"; http_method; content:"/oxpdxnaob113/assets/js/4bonx494kg"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"46.151.182.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795280/; classtype:trojan-activity;sid:84658380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795281)"; flow:established,from_client; content:"GET"; http_method; content:"/oxpdxnaob113/assets/js/hk9r4h7dm6"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"46.151.182.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795281/; classtype:trojan-activity;sid:84658381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795282)"; flow:established,from_client; content:"GET"; http_method; content:"/oxpdxnaob113/assets/js/kcd5v195q5"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"46.151.182.73"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795282/; classtype:trojan-activity;sid:84658382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795276)"; flow:established,from_client; content:"GET"; http_method; content:"/oxpdxnaob113/assets/js/qjzu1ipbfu"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"46.151.182.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795276/; classtype:trojan-activity;sid:84658376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795277)"; flow:established,from_client; content:"GET"; http_method; content:"/oxpdxnaob113/assets/js/d8o7xu71em"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"46.151.182.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795277/; classtype:trojan-activity;sid:84658377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795278)"; flow:established,from_client; content:"GET"; http_method; content:"/oxpdxnaob113/assets/js/nfrqbh0ttz"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"46.151.182.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795278/; classtype:trojan-activity;sid:84658378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795279)"; flow:established,from_client; content:"GET"; http_method; content:"/oxpdxnaob113/assets/js/nnzlphr2vt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"46.151.182.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795279/; classtype:trojan-activity;sid:84658379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3795275)"; flow:established,from_client; content:"GET"; http_method; content:"/oxpdxnaob113/assets/js/tjyhj7uvnn"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"46.151.182.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795275/; classtype:trojan-activity;sid:84658375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795274)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.235.223.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795274/; classtype:trojan-activity;sid:84658374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.158.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795273/; classtype:trojan-activity;sid:84658373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.39.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795272/; classtype:trojan-activity;sid:84658372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795271)"; flow:established,from_client; content:"GET"; http_method; content:"/new/logm.msi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"217.156.65.56"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795271/; classtype:trojan-activity;sid:84658371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795270)"; flow:established,from_client; content:"GET"; http_method; content:"/new/logm.msi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"docinstall.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795270/; classtype:trojan-activity;sid:84658370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.199.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795269/; classtype:trojan-activity;sid:84658369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795268)"; flow:established,from_client; content:"GET"; http_method; content:"/ssa_em_ygjhjtuo_installer_win7-win11_x86_x64.msi"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"172.86.116.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795268/; classtype:trojan-activity;sid:84658368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795267)"; flow:established,from_client; content:"GET"; http_method; content:"/ssa_admin_estatement.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"216.126.225.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795267/; classtype:trojan-activity;sid:84658367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3795266)"; flow:established,from_client; content:"GET"; http_method; content:"/ssa_estatement.msi"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"144.172.102.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795266/; classtype:trojan-activity;sid:84658366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795265)"; flow:established,from_client; content:"GET"; http_method; content:"/court_order_agent_473850_v10_14_4_rw.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"144.172.112.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795265/; classtype:trojan-activity;sid:84658365; rev:1;)
# NOTE(review): the http_uri pattern in the next rule contains percent-escapes
# ("%2528", "%2529"). http_uri inspects the normalized (percent-decoded) URI, so
# the buffer presumably holds "%28"/"%29" at that point and this literal may
# never match; confirm against a capture and consider http_raw_uri instead.
# The host is also normally reached over HTTPS, where an "alert http" rule sees
# nothing without TLS inspection -- TODO confirm the scheme on the referenced
# URLhaus entry before relying on this rule for coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795264)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/423zmn9cb2cubtf/ssa_e-file_%252825%2529.vbs/file"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795264/; classtype:trojan-activity;sid:84658364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795263)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"rich-wave.gontake.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795263/; classtype:trojan-activity;sid:84658363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"175.150.22.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795262/; classtype:trojan-activity;sid:84658362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.67.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795261/; classtype:trojan-activity;sid:84658361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795260)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8635093259/tuzr0qp.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795260/; classtype:trojan-activity;sid:84658360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.254.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795259/; classtype:trojan-activity;sid:84658359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.111.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795258/; classtype:trojan-activity;sid:84658358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3795257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.171.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795257/; classtype:trojan-activity;sid:84658357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.22.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795256/; classtype:trojan-activity;sid:84658356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795255)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"uzpjxi.whitebus.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795255/; classtype:trojan-activity;sid:84658355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.67.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795254/; classtype:trojan-activity;sid:84658354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.111.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; 
reference:url, urlhaus.abuse.ch/url/3795253/; classtype:trojan-activity;sid:84658353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.205.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795252/; classtype:trojan-activity;sid:84658352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.171.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795251/; classtype:trojan-activity;sid:84658351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795250)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.spc"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"91.196.32.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795250/; classtype:trojan-activity;sid:84658350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795242)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795242/; classtype:trojan-activity;sid:84658342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795243)"; 
flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.94.208.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795243/; classtype:trojan-activity;sid:84658343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795244)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795244/; classtype:trojan-activity;sid:84658344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795245)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795245/; classtype:trojan-activity;sid:84658345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795246)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795246/; classtype:trojan-activity;sid:84658346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795247)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795247/; 
classtype:trojan-activity;sid:84658347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795248)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795248/; classtype:trojan-activity;sid:84658348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795249)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.sh4"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"91.196.32.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795249/; classtype:trojan-activity;sid:84658349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.76.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795241/; classtype:trojan-activity;sid:84658341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.161.166.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795240/; classtype:trojan-activity;sid:84658340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; 
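http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.169.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795239/; classtype:trojan-activity;sid:84658339; rev:1;)
# The three rules below write "?" as the hex escape |3f| inside the URI pattern.
# depth counts bytes of the inspected buffer, and the decoded pattern is 73 bytes
# (34-byte path + "?" + "token=" + 32-byte token value), so depth is set to 73
# rather than 76, which is the character count of the escaped rule text.
# With depth:73 and isdataat:!1,relative the normalized URI must equal the
# pattern exactly, with no leading or trailing bytes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795236)"; flow:established,from_client; content:"GET"; http_method; content:"/oxpdxnaob113/assets/js/4bonx494kg|3f|token=szjuj8lmq4yzszuo5oju1gjt8hzxtfg3"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"46.151.182.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795236/; classtype:trojan-activity;sid:84658336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795237)"; flow:established,from_client; content:"GET"; http_method; content:"/oxpdxnaob113/assets/js/tjyhj7uvnn|3f|token=szjuj8lmq4yzszuo5oju1gjt8hzxtfg3"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"46.151.182.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795237/; classtype:trojan-activity;sid:84658337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795238)"; flow:established,from_client; content:"GET"; http_method; content:"/oxpdxnaob113/assets/js/hk9r4h7dm6|3f|token=szjuj8lmq4yzszuo5oju1gjt8hzxtfg3"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"46.151.182.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795238/; classtype:trojan-activity;sid:84658338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.177.99.248"; 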
http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795235/; classtype:trojan-activity;sid:84658335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.5.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795234/; classtype:trojan-activity;sid:84658334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.31.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795233/; classtype:trojan-activity;sid:84658333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.132.167.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795232/; classtype:trojan-activity;sid:84658332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.31.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795231/; classtype:trojan-activity;sid:84658331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795230)"; 
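flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.76.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795230/; classtype:trojan-activity;sid:84658330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.161.166.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795229/; classtype:trojan-activity;sid:84658329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.205.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795228/; classtype:trojan-activity;sid:84658328; rev:1;)
# The URI pattern in the next rule uses five hex escapes (|3f| once, |7c| four
# times). Each escape is one byte on the wire, so the decoded pattern is 38
# bytes; depth is set to 38 instead of 53, which is the length of the escaped
# rule text. A depth larger than the pattern lets the match start up to 15
# bytes into the buffer, which defeats the exact-URI anchoring that
# depth + isdataat:!1,relative is meant to give.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795227)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=tvxufuzzyrmztpfm"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"l2mk50mf.rednet.digital"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795227/; classtype:trojan-activity;sid:84658327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.203.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; 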
reference:url, urlhaus.abuse.ch/url/3795226/; classtype:trojan-activity;sid:84658326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.167.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795225/; classtype:trojan-activity;sid:84658325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.168.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795224/; classtype:trojan-activity;sid:84658324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.72.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795223/; classtype:trojan-activity;sid:84658323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.145.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795222/; classtype:trojan-activity;sid:84658322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"182.239.81.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795221/; classtype:trojan-activity;sid:84658321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.5.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795220/; classtype:trojan-activity;sid:84658320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.68.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795219/; classtype:trojan-activity;sid:84658319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.203.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795218/; classtype:trojan-activity;sid:84658318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.72.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795217/; classtype:trojan-activity;sid:84658317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3795216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.239.81.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795216/; classtype:trojan-activity;sid:84658316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.168.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795215/; classtype:trojan-activity;sid:84658315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795214)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tux.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"88.214.20.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795214/; classtype:trojan-activity;sid:84658314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795213)"; flow:established,from_client; content:"GET"; http_method; content:"/c/doc_902838.msi"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"bgsgroup.com.ar"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795213/; classtype:trojan-activity;sid:84658313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.135.129.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2026_03_13; reference:url, urlhaus.abuse.ch/url/3795212/; classtype:trojan-activity;sid:84658312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795211)"; flow:established,from_client; content:"GET"; http_method; content:"/tiktok18.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vsdvsdvasvf.sbs"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795211/; classtype:trojan-activity;sid:84658311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795209)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tux.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"88.214.20.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795209/; classtype:trojan-activity;sid:84658309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795210)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tux.arm4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"88.214.20.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795210/; classtype:trojan-activity;sid:84658310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795206)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tux.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"88.214.20.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795206/; classtype:trojan-activity;sid:84658306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795207)"; flow:established,from_client; 
content:"GET"; http_method; content:"/bins/tux.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"88.214.20.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795207/; classtype:trojan-activity;sid:84658307; rev:1;)
# NOTE(review): the /bins/tux.* rules in this ruleset differ only in the file-name
# suffix (arm, arm4..arm7, mips, mpsl, m68k, sh4, ppc, arc, x86) and all pin the
# same http_host, 88.214.20.14. The suffixes look like CPU-architecture names,
# which would be consistent with one multi-architecture Linux/IoT payload set -
# confirm against the URLhaus reference of each rule. For triage, correlate these
# SIDs by destination host and by the type of internal asset that made the
# request rather than handling each SID as a separate incident.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795208)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tux.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"88.214.20.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795208/; classtype:trojan-activity;sid:84658308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795203)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tux.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"88.214.20.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795203/; classtype:trojan-activity;sid:84658303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795204)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tux.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"88.214.20.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795204/; classtype:trojan-activity;sid:84658304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795205)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tux.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"88.214.20.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795205/; 
classtype:trojan-activity;sid:84658305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795198)"; flow:established,from_client; content:"GET"; http_method; content:"/tiktok18.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"gkgkgkgff.sbs"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795198/; classtype:trojan-activity;sid:84658298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795199)"; flow:established,from_client; content:"GET"; http_method; content:"/pardufrigi_installer_1.0.p1.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"pardu.pages.dev"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795199/; classtype:trojan-activity;sid:84658299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795200)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tux.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"88.214.20.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795200/; classtype:trojan-activity;sid:84658300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795201)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tux.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"88.214.20.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795201/; classtype:trojan-activity;sid:84658301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795202)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tux.arm7"; 
http_uri; depth:14; isdataat:!1,relative; nocase; content:"88.214.20.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795202/; classtype:trojan-activity;sid:84658302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795197)"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress%202026.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"pamellioty.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795197/; classtype:trojan-activity;sid:84658297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795196)"; flow:established,from_client; content:"GET"; http_method; content:"/xyz.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pizzatang.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795196/; classtype:trojan-activity;sid:84658296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.10.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795194/; classtype:trojan-activity;sid:84658294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795195)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.124.63.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795195/; classtype:trojan-activity;sid:84658295; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795186)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/q587vyxq"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795186/; classtype:trojan-activity;sid:84658286; rev:1;)
# NOTE(review): the pastebin.com rules (URI "/raw/<id>") are `alert http` rules, so
# they only see cleartext HTTP or traffic decrypted before it reaches the sensor.
# If clients reach pastebin.com over TLS - verify for your network - these SIDs
# stay silent; the full URL then has to be matched in proxy logs instead.
# `depth` equal to the content length plus `isdataat:!1,relative` pins the whole
# URI and the whole Host value, so other pastes on the same host do not alert.
# `nocase` follows the URI content, so the paste id is compared case-insensitively;
# if paste ids are case-sensitive, an id differing only in letter case would
# also match - check the reference URL before acting on a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795187)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xgwysj8v"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795187/; classtype:trojan-activity;sid:84658287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795188)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/cpsxymsy"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795188/; classtype:trojan-activity;sid:84658288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795189)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/49te3xw9"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795189/; classtype:trojan-activity;sid:84658289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795190)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/cisqk9rp"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; 
isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795190/; classtype:trojan-activity;sid:84658290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795191)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/lh5gz7vx"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795191/; classtype:trojan-activity;sid:84658291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795192)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kyz7pbsq"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795192/; classtype:trojan-activity;sid:84658292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795193)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/1yan6rsv"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795193/; classtype:trojan-activity;sid:84658293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795185)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bkvzexp8"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795185/; classtype:trojan-activity;sid:84658285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795184)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.206.207.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795184/; classtype:trojan-activity;sid:84658284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795183)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"catalogmonitor.whitebus.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795183/; classtype:trojan-activity;sid:84658283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795182)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.163.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795182/; classtype:trojan-activity;sid:84658282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.24.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795181/; classtype:trojan-activity;sid:84658281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795180)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"criloya.whitebus.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, 
urlhaus.abuse.ch/url/3795180/; classtype:trojan-activity;sid:84658280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.34.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795179/; classtype:trojan-activity;sid:84658279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.26.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795178/; classtype:trojan-activity;sid:84658278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.185.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795177/; classtype:trojan-activity;sid:84658277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795176)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iceevery.whitebus.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795176/; classtype:trojan-activity;sid:84658276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.135.129.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795175/; classtype:trojan-activity;sid:84658275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.163.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795174/; classtype:trojan-activity;sid:84658274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.235.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795173/; classtype:trojan-activity;sid:84658273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.124.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795172/; classtype:trojan-activity;sid:84658272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.19.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795171/; classtype:trojan-activity;sid:84658271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3795170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.35.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795170/; classtype:trojan-activity;sid:84658270; rev:1;)
# NOTE(review): "/bin.sh" and "/i" are very short, generic URIs. What keeps these
# rules specific is the pairing with one exact http_host value and the
# depth + `isdataat:!1,relative` anchors, which require the URI buffer to be
# exactly the listed string (a longer path or an added query string will not
# match). The hosts are bare IP addresses; presumably such indicators age
# quickly, so use `metadata:created_at` to expire old SIDs locally. Also confirm
# how your engine version normalises http_host when the Host header carries an
# explicit port.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.24.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795169/; classtype:trojan-activity;sid:84658269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.26.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795168/; classtype:trojan-activity;sid:84658268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.59.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795167/; classtype:trojan-activity;sid:84658267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.242.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; 
reference:url, urlhaus.abuse.ch/url/3795166/; classtype:trojan-activity;sid:84658266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.190.240.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795165/; classtype:trojan-activity;sid:84658265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.164.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795164/; classtype:trojan-activity;sid:84658264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795163)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique5/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795163/; classtype:trojan-activity;sid:84658263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.52.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795162/; classtype:trojan-activity;sid:84658262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.242.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795161/; classtype:trojan-activity;sid:84658261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.136.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795160/; classtype:trojan-activity;sid:84658260; rev:1;)
# NOTE(review): the "/verification.google" rules pin one full host name each. In
# this ruleset the same URI is listed under several subdomains of
# ferroluna.in.net, grandespace.in.net, whitebus.in.net and nachtlicht.in.net,
# so a subdomain that is not yet listed produces no alert. Treat a hit as a lead
# for hunting the parent domain in DNS and proxy logs, not as full coverage of
# that domain.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795159)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sat-uplink.ferroluna.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795159/; classtype:trojan-activity;sid:84658259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795158)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"rock-core-v7.ferroluna.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795158/; classtype:trojan-activity;sid:84658258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.23.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795157/; classtype:trojan-activity;sid:84658257; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.88.136.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795156/; classtype:trojan-activity;sid:84658256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795155)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"steel-base-9.ferroluna.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795155/; classtype:trojan-activity;sid:84658255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.93.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795154/; classtype:trojan-activity;sid:84658254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.82.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795153/; classtype:trojan-activity;sid:84658253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.59.146"; 
http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795152/; classtype:trojan-activity;sid:84658252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795151)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8520831842/ymueqhk.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795151/; classtype:trojan-activity;sid:84658251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.23.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795150/; classtype:trojan-activity;sid:84658250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795149)"; flow:established,from_client; content:"GET"; http_method; content:"/m1-nc/roukii/main/up.png"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795149/; classtype:trojan-activity;sid:84658249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795146)"; flow:established,from_client; content:"GET"; http_method; content:"/m1-nc/roukii/raw/main/up.png"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795146/; classtype:trojan-activity;sid:84658246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3795147)"; flow:established,from_client; content:"GET"; http_method; content:"/m1-nc/roukii/main/m1-nc.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795147/; classtype:trojan-activity;sid:84658247; rev:1;)
# NOTE(review): github.com and raw.githubusercontent.com are shared hosting
# platforms; these rules identify one repository path each (exact URI via depth +
# `isdataat:!1,relative`), so a hit says nothing about other content on the host
# and blocking the whole host is not a proportionate response. As `alert http`
# rules they need cleartext or decrypted traffic; if these hosts are reached
# over TLS in your network, match the full URL in proxy logs instead.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795148)"; flow:established,from_client; content:"GET"; http_method; content:"/m1-nc/roukii/raw/main/m1-nc.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795148/; classtype:trojan-activity;sid:84658248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795144)"; flow:established,from_client; content:"GET"; http_method; content:"/mu126-afk/um/main/ud.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795144/; classtype:trojan-activity;sid:84658244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795145)"; flow:established,from_client; content:"GET"; http_method; content:"/m1-nc/roukii/main/ud.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795145/; classtype:trojan-activity;sid:84658245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"42.226.68.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795143/; classtype:trojan-activity;sid:84658243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795142)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"moon-orbit-3.ferroluna.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795142/; classtype:trojan-activity;sid:84658242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.190.240.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795141/; classtype:trojan-activity;sid:84658241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.28.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795140/; classtype:trojan-activity;sid:84658240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795139)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"open-space-v.grandespace.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795139/; classtype:trojan-activity;sid:84658239; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.93.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795138/; classtype:trojan-activity;sid:84658238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795137)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vast-field-01.grandespace.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795137/; classtype:trojan-activity;sid:84658237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.82.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795136/; classtype:trojan-activity;sid:84658236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.71.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795135/; classtype:trojan-activity;sid:84658235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795134)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; 
content:"area-zone-55.grandespace.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795134/; classtype:trojan-activity;sid:84658234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.252.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795133/; classtype:trojan-activity;sid:84658233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795132)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7769977063/h7dc3me.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795132/; classtype:trojan-activity;sid:84658232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.55.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795131/; classtype:trojan-activity;sid:84658231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.55.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795130/; classtype:trojan-activity;sid:84658230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3795129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.28.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795129/; classtype:trojan-activity;sid:84658229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795128)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"outer-rim-9.grandespace.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795128/; classtype:trojan-activity;sid:84658228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.71.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795127/; classtype:trojan-activity;sid:84658227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.30.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795126/; classtype:trojan-activity;sid:84658226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.16.168"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 
2026_03_13; reference:url, urlhaus.abuse.ch/url/3795125/; classtype:trojan-activity;sid:84658225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.247.88.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795124/; classtype:trojan-activity;sid:84658224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795123)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vision-sync.nachtlicht.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795123/; classtype:trojan-activity;sid:84658223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.19.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795122/; classtype:trojan-activity;sid:84658222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795121)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"scan-point-21.nachtlicht.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795121/; classtype:trojan-activity;sid:84658221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795120)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.252.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795120/; classtype:trojan-activity;sid:84658220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795119)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"light-bridge-4.nachtlicht.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795119/; classtype:trojan-activity;sid:84658219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.30.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795118/; classtype:trojan-activity;sid:84658218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.73.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795117/; classtype:trojan-activity;sid:84658217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.16.168"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, 
urlhaus.abuse.ch/url/3795116/; classtype:trojan-activity;sid:84658216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.87.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795115/; classtype:trojan-activity;sid:84658215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.118.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795114/; classtype:trojan-activity;sid:84658214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795113)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dark-room-v8.nachtlicht.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795113/; classtype:trojan-activity;sid:84658213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.189.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795112/; classtype:trojan-activity;sid:84658212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795111)"; flow:established,from_client; content:"GET"; http_method; 
content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ghost-node.cybergeist.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795111/; classtype:trojan-activity;sid:84658211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.88.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795110/; classtype:trojan-activity;sid:84658210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795109)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"user-auth-x2.cybergeist.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795109/; classtype:trojan-activity;sid:84658209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.255.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795108/; classtype:trojan-activity;sid:84658208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.19.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795107/; 
classtype:trojan-activity;sid:84658207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.73.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795106/; classtype:trojan-activity;sid:84658206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.118.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795105/; classtype:trojan-activity;sid:84658205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795104)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8115221351/c8hckrf.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795104/; classtype:trojan-activity;sid:84658204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.243.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795103/; classtype:trojan-activity;sid:84658203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; 
nocase; content:"115.53.196.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795102/; classtype:trojan-activity;sid:84658202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.87.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795101/; classtype:trojan-activity;sid:84658201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.94.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795100/; classtype:trojan-activity;sid:84658200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795099)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"core-shell-77.cybergeist.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795099/; classtype:trojan-activity;sid:84658199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.255.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795098/; classtype:trojan-activity;sid:84658198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
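Known malware download URL detected (3795097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.89.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795097/; classtype:trojan-activity;sid:84658197; rev:1;)
# NOTE(review), sid 84658196: the http_uri pattern below decodes to 38 bytes
# ("/", 0x3f, "=check", 0x7c, "26", 0x7c, 0x7c, "26", 0x7c, "actmn=gaifjxjbnetrplnn").
# The generated rule carried depth:53, which is the character count of the escaped
# pattern text, not of the decoded bytes. The other rules in this section set depth
# to the decoded pattern length, so that depth plus isdataat:!1,relative pins the
# whole URI; with depth:53 up to 15 arbitrary leading bytes were also accepted.
# depth is set to 38 here to restore the exact match.
# The |7c|26|7c| runs look like a |26| ("&") hex escape whose pipes were escaped a
# second time. If so, the pattern matches the literal text "|26|" instead of "&" and
# would miss the reported URL. Confirm against the URLhaus entry referenced in the
# rule and raise it with the feed maintainer; the file is presumably regenerated on
# each update, so a local edit will not persist.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795096)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=gaifjxjbnetrplnn"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"wmfkj2w9.oakbit.digital"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795096/; classtype:trojan-activity;sid:84658196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795095)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"alpha-trace-0.cybergeist.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795095/; classtype:trojan-activity;sid:84658195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.215.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795094/; classtype:trojan-activity;sid:84658194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.243.13"; 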
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795093/; classtype:trojan-activity;sid:84658193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.35.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795092/; classtype:trojan-activity;sid:84658192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795091)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"point-entry.mondosolido.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795091/; classtype:trojan-activity;sid:84658191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.229.54.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795090/; classtype:trojan-activity;sid:84658190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.196.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795089/; classtype:trojan-activity;sid:84658189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3795088)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"data-base-v3.mondosolido.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795088/; classtype:trojan-activity;sid:84658188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795087)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7769977063/h7dc3me.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795087/; classtype:trojan-activity;sid:84658187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.84.222.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795086/; classtype:trojan-activity;sid:84658186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.162.80.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795085/; classtype:trojan-activity;sid:84658185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.42.89.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; 
reference:url, urlhaus.abuse.ch/url/3795084/; classtype:trojan-activity;sid:84658184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795083)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"base-infra-9.mondosolido.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795083/; classtype:trojan-activity;sid:84658183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.138.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795082/; classtype:trojan-activity;sid:84658182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.215.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795081/; classtype:trojan-activity;sid:84658181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.94.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795080/; classtype:trojan-activity;sid:84658180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795079)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.229.54.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795079/; classtype:trojan-activity;sid:84658179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.199.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795078/; classtype:trojan-activity;sid:84658178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.138.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795077/; classtype:trojan-activity;sid:84658177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795076)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.92.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795076/; classtype:trojan-activity;sid:84658176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.251.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795075/; classtype:trojan-activity;sid:84658175; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.199.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795074/; classtype:trojan-activity;sid:84658174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795073)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"global-net-1.mondosolido.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795073/; classtype:trojan-activity;sid:84658173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.154.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795072/; classtype:trojan-activity;sid:84658172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795071)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"local-hub-test.petitbureau.in.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795071/; classtype:trojan-activity;sid:84658171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795070)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; 
nocase; content:"staff-portal-5.petitbureau.in.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795070/; classtype:trojan-activity;sid:84658170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.183.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795069/; classtype:trojan-activity;sid:84658169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795068/; classtype:trojan-activity;sid:84658168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.251.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795067/; classtype:trojan-activity;sid:84658167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.40.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795066/; classtype:trojan-activity;sid:84658166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3795065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.247.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795065/; classtype:trojan-activity;sid:84658165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.217.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795064/; classtype:trojan-activity;sid:84658164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.90.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795063/; classtype:trojan-activity;sid:84658163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.90.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795062/; classtype:trojan-activity;sid:84658162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.15.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, 
urlhaus.abuse.ch/url/3795061/; classtype:trojan-activity;sid:84658161; rev:1;)
# ---------------------------------------------------------------------------
# Reading notes for the rules that follow (laid out one rule per line).
#
# Each rule matches exactly one URLhaus entry and has the same shape:
#   * $HOME_NET -> $EXTERNAL_NET, flow:established,from_client, method GET.
#   * URI content: depth equals the content length and isdataat:!1,relative
#     requires the buffer to end right after the match, so the URI has to
#     equal the listed path (case-insensitive via nocase). A request that
#     carries a query string or extra path bytes does not match.
#   * Host content: anchored the same way with depth + isdataat:!1,relative.
#   * The number in msg and in reference:url is the URLhaus entry id; use the
#     reference to look up the entry when triaging an alert.
#
# Things to keep in mind when deploying or tuning:
#   * Short URIs such as "/i" and "/bin.sh" are specific only in combination
#     with the Host content of the same rule; loosening either anchor widens
#     the match considerably.
#   * Several Host values appear in more than one rule with a different URI,
#     so one internal client contacting one host can raise several sids.
#   * These are "alert http" rules: they act on parsed HTTP requests.
#     NOTE(review): requests made over TLS are only visible where traffic is
#     decrypted before inspection - confirm sensor placement.
#   * Rules carry metadata:created_at and rev:1 but no expiry field, so stale
#     entries are presumably retired only by reloading the feed - verify the
#     update job.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.80.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795060/; classtype:trojan-activity;sid:84658160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795059)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"work-flow-v2.petitbureau.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795059/; classtype:trojan-activity;sid:84658159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.90.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795058/; classtype:trojan-activity;sid:84658158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.36.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795057/; classtype:trojan-activity;sid:84658157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.104.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795056/; classtype:trojan-activity;sid:84658156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.0.72.159"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795055/; classtype:trojan-activity;sid:84658155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.183.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795054/; classtype:trojan-activity;sid:84658154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795053)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"office-link-0.petitbureau.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795053/; classtype:trojan-activity;sid:84658153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.104.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795052/; classtype:trojan-activity;sid:84658152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.80.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795051/; classtype:trojan-activity;sid:84658151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.40.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795050/; classtype:trojan-activity;sid:84658150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.46.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795049/; classtype:trojan-activity;sid:84658149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.247.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795048/; classtype:trojan-activity;sid:84658148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795047)"; flow:established,from_client; content:"GET"; http_method; content:"/36/cbc/uwanttobefineforeverything.hta"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"107.175.246.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795047/; classtype:trojan-activity;sid:84658147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795046)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"gateway-secure.starkstrom.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795046/; classtype:trojan-activity;sid:84658146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795045)"; flow:established,from_client; content:"GET"; http_method; content:"/35/ecg/ncoooe.hta"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"107.175.246.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795045/; classtype:trojan-activity;sid:84658145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.217.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795044/; classtype:trojan-activity;sid:84658144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.199.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795043/; classtype:trojan-activity;sid:84658143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.36.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795041/; classtype:trojan-activity;sid:84658141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.104.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795042/; classtype:trojan-activity;sid:84658142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.212.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795040/; classtype:trojan-activity;sid:84658140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.104.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795039/; classtype:trojan-activity;sid:84658139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795038)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sys-monitor-x.starkstrom.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795038/; classtype:trojan-activity;sid:84658138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.93.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795037/; classtype:trojan-activity;sid:84658137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.24.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795036/; classtype:trojan-activity;sid:84658136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.198.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795035/; classtype:trojan-activity;sid:84658135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795034)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"load-balancer-3.starkstrom.in.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795034/; classtype:trojan-activity;sid:84658134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.249.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795033/; classtype:trojan-activity;sid:84658133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.212.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795032/; classtype:trojan-activity;sid:84658132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795031)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"power-grid-88.starkstrom.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795031/; classtype:trojan-activity;sid:84658131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795030)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"internal-dns.cielonumerique.in.net"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795030/; classtype:trojan-activity;sid:84658130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.198.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795029/; classtype:trojan-activity;sid:84658129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795028)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cache-dist-12.cielonumerique.in.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795028/; classtype:trojan-activity;sid:84658128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.93.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795027/; classtype:trojan-activity;sid:84658127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795026)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"backend-core-7.cielonumerique.in.net"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795026/; classtype:trojan-activity;sid:84658126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.249.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795024/; classtype:trojan-activity;sid:84658124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.161.142.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795025/; classtype:trojan-activity;sid:84658125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.210.77.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795023/; classtype:trojan-activity;sid:84658123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.88.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795022/; classtype:trojan-activity;sid:84658122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.2.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795021/; classtype:trojan-activity;sid:84658121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.15.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795020/; classtype:trojan-activity;sid:84658120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795019)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"remote-access-v4.cielonumerique.in.net"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795019/; classtype:trojan-activity;sid:84658119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.37.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795017/; classtype:trojan-activity;sid:84658117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.226.212.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795018/; classtype:trojan-activity;sid:84658118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.85.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795016/; classtype:trojan-activity;sid:84658116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.210.77.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795015/; classtype:trojan-activity;sid:84658115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.37.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795014/; classtype:trojan-activity;sid:84658114; rev:1;)
# The Host in the next rule looks like a shared hosting name rather than a
# dedicated server; the match is limited to this single object path.
# NOTE(review): confirm whether clients reach it over plain HTTP at all.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795013)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jwye2z4k24dof2jumukozlephkiq/000/2/ohksfjce.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"link.storjshare.io"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795013/; classtype:trojan-activity;sid:84658113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795012)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"app-data-sync.vittoriastrada.in.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795012/; classtype:trojan-activity;sid:84658112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795011)"; flow:established,from_client; content:"GET"; http_method; content:"/wlan.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795011/; classtype:trojan-activity;sid:84658111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795010)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"web-proxy-99.vittoriastrada.in.net"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795010/; classtype:trojan-activity;sid:84658110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.108.90.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795009/; classtype:trojan-activity;sid:84658109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.85.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795008/; classtype:trojan-activity;sid:84658108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795007)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cloud-storage-5.vittoriastrada.in.net"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795007/; classtype:trojan-activity;sid:84658107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"173.28.103.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795006/; classtype:trojan-activity;sid:84658106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.2.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795005/; classtype:trojan-activity;sid:84658105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.80.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795004/; classtype:trojan-activity;sid:84658104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.61.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795003/; classtype:trojan-activity;sid:84658103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.108.90.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795002/; classtype:trojan-activity;sid:84658102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.56.232.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795001/; classtype:trojan-activity;sid:84658101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.52.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795000/; classtype:trojan-activity;sid:84658100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"173.28.103.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794999/; classtype:trojan-activity;sid:84658099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.80.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794998/; classtype:trojan-activity;sid:84658098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.141.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794997/; classtype:trojan-activity;sid:84658097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.152.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794996/; classtype:trojan-activity;sid:84658096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.76.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794995/; classtype:trojan-activity;sid:84658095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794994)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"metrics-sync.kristallwelt.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794994/; classtype:trojan-activity;sid:84658094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.201.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794992/; classtype:trojan-activity;sid:84658092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.61.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794993/; classtype:trojan-activity;sid:84658093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794991)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"85.122.114.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794991/; classtype:trojan-activity;sid:84658091; rev:1;)
# As with the link.storjshare.io rule earlier in this run, the Host in the
# next rule looks like a shared hosting name; only this one object path is
# matched. NOTE(review): confirm whether plain-HTTP access is possible.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794990)"; flow:established,from_client; content:"GET"; http_method; content:"/aileqac3yep7oqdhygjpberqqnk2zrnhck2lx/busket/2/03x12x26/01/ohksfjce.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"s3.g.s4.mega.io"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794990/; classtype:trojan-activity;sid:84658090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.141.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794988/; classtype:trojan-activity;sid:84658088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.93.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794989/; classtype:trojan-activity;sid:84658089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794987)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dev-test-01.kristallwelt.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794987/; classtype:trojan-activity;sid:84658087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.23.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794986/; classtype:trojan-activity;sid:84658086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.236.150.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794985/; classtype:trojan-activity;sid:84658085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.52.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794984/; classtype:trojan-activity;sid:84658084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794983)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"api-node-v2.kristallwelt.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794983/; classtype:trojan-activity;sid:84658083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.2.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794982/; classtype:trojan-activity;sid:84658082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794981)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cdn-static-1.kristallwelt.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794981/; classtype:trojan-activity;sid:84658081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794980)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.76.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794980/; classtype:trojan-activity;sid:84658080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.93.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794979/; classtype:trojan-activity;sid:84658079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.103.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794978/; classtype:trojan-activity;sid:84658078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.150.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794977/; classtype:trojan-activity;sid:84658077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794976)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"endpointtest.chifdark.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794976/; classtype:trojan-activity;sid:84658076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.2.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794975/; classtype:trojan-activity;sid:84658075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.103.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794974/; classtype:trojan-activity;sid:84658074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.100.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794973/; classtype:trojan-activity;sid:84658073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.106.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794971/; classtype:trojan-activity;sid:84658071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.242.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794972/; classtype:trojan-activity;sid:84658072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794970)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"reel-age.chifdark.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794970/; classtype:trojan-activity;sid:84658070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.155.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794969/; classtype:trojan-activity;sid:84658069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.206.207.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794968/; classtype:trojan-activity;sid:84658068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.54.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794967/; classtype:trojan-activity;sid:84658067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.155.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794966/; classtype:trojan-activity;sid:84658066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794965)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ipggvyss.chifdark.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794965/; 
classtype:trojan-activity;sid:84658065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.11.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794964/; classtype:trojan-activity;sid:84658064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.245.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794963/; classtype:trojan-activity;sid:84658063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794962)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"closedgranite.chifdark.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794962/; classtype:trojan-activity;sid:84658062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.26.227.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794961/; classtype:trojan-activity;sid:84658061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"117.241.54.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794960/; classtype:trojan-activity;sid:84658060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.216.44.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794959/; classtype:trojan-activity;sid:84658059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794956)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"7xvura.coldcaught.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794956/; classtype:trojan-activity;sid:84658056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.127.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794957/; classtype:trojan-activity;sid:84658057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.11.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794958/; classtype:trojan-activity;sid:84658058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3794955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.12.98.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794955/; classtype:trojan-activity;sid:84658055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794954)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"i0n3-graph.coldcaught.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794954/; classtype:trojan-activity;sid:84658054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.216.44.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794953/; classtype:trojan-activity;sid:84658053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.219.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794952/; classtype:trojan-activity;sid:84658052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.127.205"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794951/; classtype:trojan-activity;sid:84658051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.221.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794950/; classtype:trojan-activity;sid:84658050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794949)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cratelayout.coldcaught.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794949/; classtype:trojan-activity;sid:84658049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794948)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"m4nif-stack.coldcaught.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794948/; classtype:trojan-activity;sid:84658048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.219.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794947/; classtype:trojan-activity;sid:84658047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3794946)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6902778688/acjquey.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794946/; classtype:trojan-activity;sid:84658046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794945)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sannod.liberalpilka.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794945/; classtype:trojan-activity;sid:84658045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.221.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794944/; classtype:trojan-activity;sid:84658044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.157.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794943/; classtype:trojan-activity;sid:84658043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794942)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8441193572/na8u4fe.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794942/; classtype:trojan-activity;sid:84658042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794941)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vfjpe.liberalpilka.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794941/; classtype:trojan-activity;sid:84658041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794940)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vorcoreix1.liberalpilka.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794940/; classtype:trojan-activity;sid:84658040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.112.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794939/; classtype:trojan-activity;sid:84658039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.157.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794938/; classtype:trojan-activity;sid:84658038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794937)"; 
flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"scarnetwor.liberalpilka.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794937/; classtype:trojan-activity;sid:84658037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.50.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794936/; classtype:trojan-activity;sid:84658036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794935)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ohqr.migratetulle.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3794935/; classtype:trojan-activity;sid:84658035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.76.99.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794934/; classtype:trojan-activity;sid:84658034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.112.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, 
urlhaus.abuse.ch/url/3794933/; classtype:trojan-activity;sid:84658033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.50.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794932/; classtype:trojan-activity;sid:84658032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.157.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794931/; classtype:trojan-activity;sid:84658031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794930)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"threadtrend.migratetulle.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794930/; classtype:trojan-activity;sid:84658030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.115.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794929/; classtype:trojan-activity;sid:84658029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; 
http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.211.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794928/; classtype:trojan-activity;sid:84658028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.211.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794927/; classtype:trojan-activity;sid:84658027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794926)"; flow:established,from_client; content:"GET"; http_method; content:"/hb8ipc.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.151.182.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794926/; classtype:trojan-activity;sid:84658026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.98.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794925/; classtype:trojan-activity;sid:84658025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794924)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"alt-0tter.migratetulle.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794924/; classtype:trojan-activity;sid:84658024; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.130.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794923/; classtype:trojan-activity;sid:84658023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.2.55.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794922/; classtype:trojan-activity;sid:84658022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794921)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"61yede8.migratetulle.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794921/; classtype:trojan-activity;sid:84658021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.110.15.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794920/; classtype:trojan-activity;sid:84658020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.157.111"; http_host; depth:15; 
isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794919/; classtype:trojan-activity;sid:84658019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.76.99.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794918/; classtype:trojan-activity;sid:84658018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794917)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7048186296/sasbjh2.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794917/; classtype:trojan-activity;sid:84658017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794916)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vyyrr.idyllmuscat.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794916/; classtype:trojan-activity;sid:84658016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.130.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794915/; classtype:trojan-activity;sid:84658015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3794914)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1591294058/vmvo8pf.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794914/; classtype:trojan-activity;sid:84658014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794913)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kh9zgked.idyllmuscat.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794913/; classtype:trojan-activity;sid:84658013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.116.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794912/; classtype:trojan-activity;sid:84658012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.2.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794911/; classtype:trojan-activity;sid:84658011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794910)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"d3ploy-mesh.idyllmuscat.in.net"; http_host; depth:30; isdataat:!1,relative; 
metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794910/; classtype:trojan-activity;sid:84658010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.243.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794909/; classtype:trojan-activity;sid:84658009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794908)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"eih59fij.idyllmuscat.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794908/; classtype:trojan-activity;sid:84658008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794907)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"zen-crestex.concretemixer.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794907/; classtype:trojan-activity;sid:84658007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.27.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794906/; classtype:trojan-activity;sid:84658006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794905)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.27.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794905/; classtype:trojan-activity;sid:84658005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.2.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794904/; classtype:trojan-activity;sid:84658004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.124.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794903/; classtype:trojan-activity;sid:84658003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794902)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ypzwu43.concretemixer.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794902/; classtype:trojan-activity;sid:84658002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.97.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794901/; 
classtype:trojan-activity;sid:84658001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.253.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794900/; classtype:trojan-activity;sid:84658000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.84.213.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794899/; classtype:trojan-activity;sid:84657999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794898)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"getjwrv.concretemixer.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794898/; classtype:trojan-activity;sid:84657998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.177.101.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794897/; classtype:trojan-activity;sid:84657997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794896)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; 
isdataat:!1,relative; nocase; content:"rq4pe.concretemixer.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794896/; classtype:trojan-activity;sid:84657996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.128.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794895/; classtype:trojan-activity;sid:84657995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794894)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"91.196.32.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794894/; classtype:trojan-activity;sid:84657994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794893)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"91.196.32.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794893/; classtype:trojan-activity;sid:84657993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794888)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.i686"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"91.196.32.55"; http_host; depth:12; 
isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794888/; classtype:trojan-activity;sid:84657988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794889)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"91.196.32.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794889/; classtype:trojan-activity;sid:84657989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794890)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"91.196.32.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794890/; classtype:trojan-activity;sid:84657990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794891)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"91.196.32.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794891/; classtype:trojan-activity;sid:84657991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794892)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"91.196.32.55"; http_host; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794892/; classtype:trojan-activity;sid:84657992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794884)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arc"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"91.196.32.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794884/; classtype:trojan-activity;sid:84657984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794885)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm6"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"91.196.32.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794885/; classtype:trojan-activity;sid:84657985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794886)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.ppc"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"91.196.32.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794886/; classtype:trojan-activity;sid:84657986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794887)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.m68k"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"91.196.32.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; 
reference:url, urlhaus.abuse.ch/url/3794887/; classtype:trojan-activity;sid:84657987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.231.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794883/; classtype:trojan-activity;sid:84657983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.84.213.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794882/; classtype:trojan-activity;sid:84657982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.142.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794881/; classtype:trojan-activity;sid:84657981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.111.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794880/; classtype:trojan-activity;sid:84657980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794879)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; 
http_uri; depth:20; isdataat:!1,relative; nocase; content:"lay3r4-cache.blowdisassem.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794879/; classtype:trojan-activity;sid:84657979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.124.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794878/; classtype:trojan-activity;sid:84657978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.202.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794877/; classtype:trojan-activity;sid:84657977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.111.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794876/; classtype:trojan-activity;sid:84657976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794875)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"uga9ai.blowdisassem.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794875/; classtype:trojan-activity;sid:84657975; rev:1;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.231.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794874/; classtype:trojan-activity;sid:84657974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.142.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794873/; classtype:trojan-activity;sid:84657973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.238.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794872/; classtype:trojan-activity;sid:84657972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.10.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794871/; classtype:trojan-activity;sid:84657971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.235.94"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794870/; classtype:trojan-activity;sid:84657970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.128.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794869/; classtype:trojan-activity;sid:84657969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794868)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"fgctlmw.blowdisassem.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794868/; classtype:trojan-activity;sid:84657968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794867)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"piouzv.blowdisassem.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794867/; classtype:trojan-activity;sid:84657967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794866)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"merline3ar.synchronting.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794866/; classtype:trojan-activity;sid:84657966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3794865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.235.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794865/; classtype:trojan-activity;sid:84657965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794864)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"arkspire4um.synchronting.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794864/; classtype:trojan-activity;sid:84657964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794863)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"viykdw01.synchronting.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794863/; classtype:trojan-activity;sid:84657963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794862)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"nor-nexet.synchronting.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794862/; classtype:trojan-activity;sid:84657962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"27.37.78.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794861/; classtype:trojan-activity;sid:84657961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794860)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"stitchroo.directkorchaga.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794860/; classtype:trojan-activity;sid:84657960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794859)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"arknexen.directkorchaga.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794859/; classtype:trojan-activity;sid:84657959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794858)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"186.169.43.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794858/; classtype:trojan-activity;sid:84657958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794857)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.js"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"186.169.43.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794857/; classtype:trojan-activity;sid:84657957; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794856)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"186.169.43.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794856/; classtype:trojan-activity;sid:84657956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794855)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.bat"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"186.169.43.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794855/; classtype:trojan-activity;sid:84657955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794854)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"gzgqdb.directkorchaga.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794854/; classtype:trojan-activity;sid:84657954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.245.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794853/; classtype:trojan-activity;sid:84657953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.184.179.13"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794852/; classtype:trojan-activity;sid:84657952; rev:1;)
# Template shared by the rules shown here: alert on an established, client-to-server
# HTTP GET from $HOME_NET to $EXTERNAL_NET whose URI and Host header both equal the
# listed values. depth set to the pattern length pins the match to the start of the
# buffer, and isdataat:!1,relative requires that nothing follows it; nocase makes the
# URI comparison case-insensitive. These are HTTP-parser keywords, so the same
# download fetched over TLS is not seen unless traffic is decrypted before the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794849)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.ppc440"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794849/; classtype:trojan-activity;sid:84657949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794850)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794850/; classtype:trojan-activity;sid:84657950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794851)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794851/; classtype:trojan-activity;sid:84657951; rev:1;)
# NOTE(review): the next rule (sid 84657945) departs from that template. Its URI
# pattern decodes to 38 bytes (/?=check|26||26|actmn=...) but depth is 53, so the
# start of the match is not pinned to offset 0 as in the sibling rules. 0x26 is '&',
# so |7c|26|7c| looks like a |26| hex escape whose pipes were escaped a second time
# by the generator; if that is what happened, the rule expects literal '|' characters
# and would miss a request carrying '&&'. Confirm against the URLhaus entry in the
# rule's reference before relying on this signature.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794845)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=faoszwmsjcybfpmx"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"fxtlp6so.eyedmerlushka.digital"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794845/; classtype:trojan-activity;sid:84657945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.78.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794846/; classtype:trojan-activity;sid:84657946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794847)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794847/; classtype:trojan-activity;sid:84657947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794848)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794848/; classtype:trojan-activity;sid:84657948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794842)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794842/; classtype:trojan-activity;sid:84657942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794843)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.sh4"; http_uri; depth:12; 
isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794843/; classtype:trojan-activity;sid:84657943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.78.229.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794844/; classtype:trojan-activity;sid:84657944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794840)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794840/; classtype:trojan-activity;sid:84657940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794841)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.x86_32"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794841/; classtype:trojan-activity;sid:84657941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794838)"; flow:established,from_client; content:"GET"; http_method; content:"/run.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.23.238.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794838/; classtype:trojan-activity;sid:84657938; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794839)"; flow:established,from_client; content:"GET"; http_method; content:"/support.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.23.238.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794839/; classtype:trojan-activity;sid:84657939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794835)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"fxafcfe.invulshuga.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794835/; classtype:trojan-activity;sid:84657935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794836)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hhqh.invulshuga.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794836/; classtype:trojan-activity;sid:84657936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794837)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"temp-urban.directkorchaga.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794837/; classtype:trojan-activity;sid:84657937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794834)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.m68k"; 
http_uri; depth:18; isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794834/; classtype:trojan-activity;sid:84657934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794830)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794830/; classtype:trojan-activity;sid:84657930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794831)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.i486"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794831/; classtype:trojan-activity;sid:84657931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794832)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794832/; classtype:trojan-activity;sid:84657932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794833)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mipsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, 
urlhaus.abuse.ch/url/3794833/; classtype:trojan-activity;sid:84657933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794823)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794823/; classtype:trojan-activity;sid:84657923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794824)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794824/; classtype:trojan-activity;sid:84657924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794825)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794825/; classtype:trojan-activity;sid:84657925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794826)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794826/; classtype:trojan-activity;sid:84657926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794827)"; 
flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794827/; classtype:trojan-activity;sid:84657927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794828)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i486"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794828/; classtype:trojan-activity;sid:84657928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794829)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794829/; classtype:trojan-activity;sid:84657929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794819)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794819/; classtype:trojan-activity;sid:84657919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794820)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc440"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; 
http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794820/; classtype:trojan-activity;sid:84657920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794821)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794821/; classtype:trojan-activity;sid:84657921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794822)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794822/; classtype:trojan-activity;sid:84657922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794816)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.i686"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794816/; classtype:trojan-activity;sid:84657916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794817)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794817/; classtype:trojan-activity;sid:84657917; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794818)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794818/; classtype:trojan-activity;sid:84657918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794812)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794812/; classtype:trojan-activity;sid:84657912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794813)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.mipsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794813/; classtype:trojan-activity;sid:84657913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794814)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794814/; classtype:trojan-activity;sid:84657914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794815)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; 
isdataat:!1,relative; nocase; content:"chanchanmiraixd.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794815/; classtype:trojan-activity;sid:84657915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794811)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794811/; classtype:trojan-activity;sid:84657911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794810)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.x86_32"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794810/; classtype:trojan-activity;sid:84657910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794807)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.ppc440"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794807/; classtype:trojan-activity;sid:84657907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794808)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.mipsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794808/; classtype:trojan-activity;sid:84657908; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794809)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794809/; classtype:trojan-activity;sid:84657909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794806)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.i486"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794806/; classtype:trojan-activity;sid:84657906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794801)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794801/; classtype:trojan-activity;sid:84657901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794802)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794802/; classtype:trojan-activity;sid:84657902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794803)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; 
depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794803/; classtype:trojan-activity;sid:84657903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794804)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.i686"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794804/; classtype:trojan-activity;sid:84657904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794805)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794805/; classtype:trojan-activity;sid:84657905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794797)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794797/; classtype:trojan-activity;sid:84657897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794798)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794798/; classtype:trojan-activity;sid:84657898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794799)"; 
flow:established,from_client; content:"GET"; http_method; content:"/titanjr.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794799/; classtype:trojan-activity;sid:84657899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794800)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794800/; classtype:trojan-activity;sid:84657900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794796)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794796/; classtype:trojan-activity;sid:84657896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.253.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794795/; classtype:trojan-activity;sid:84657895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794794)"; flow:established,from_client; content:"GET"; http_method; content:"/bbc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.175.223.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794794/; 
classtype:trojan-activity;sid:84657894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794793)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.234.99.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794793/; classtype:trojan-activity;sid:84657893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794792)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"spoolfox.invulshuga.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794792/; classtype:trojan-activity;sid:84657892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794788)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.234.99.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794788/; classtype:trojan-activity;sid:84657888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794789)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.234.99.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794789/; classtype:trojan-activity;sid:84657889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794790)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; 
isdataat:!1,relative; nocase; content:"84.234.99.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794790/; classtype:trojan-activity;sid:84657890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794791)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"84.234.99.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794791/; classtype:trojan-activity;sid:84657891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794784)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.234.99.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794784/; classtype:trojan-activity;sid:84657884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794785)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"84.234.99.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794785/; classtype:trojan-activity;sid:84657885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794786)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.234.99.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794786/; classtype:trojan-activity;sid:84657886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3794787)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"84.234.99.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794787/; classtype:trojan-activity;sid:84657887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794781)"; flow:established,from_client; content:"GET"; http_method; content:"/kvmirqd"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794781/; classtype:trojan-activity;sid:84657881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794782)"; flow:established,from_client; content:"GET"; http_method; content:"/biosd0"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794782/; classtype:trojan-activity;sid:84657882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794783)"; flow:established,from_client; content:"GET"; http_method; content:"/kintegrity0"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794783/; classtype:trojan-activity;sid:84657883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794776)"; flow:established,from_client; content:"GET"; http_method; content:"/kpsmoused0"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, 
urlhaus.abuse.ch/url/3794776/; classtype:trojan-activity;sid:84657876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794777)"; flow:established,from_client; content:"GET"; http_method; content:"/mdsync1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794777/; classtype:trojan-activity;sid:84657877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794778)"; flow:established,from_client; content:"GET"; http_method; content:"/ethd0"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794778/; classtype:trojan-activity;sid:84657878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794779)"; flow:established,from_client; content:"GET"; http_method; content:"/ttmswapd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794779/; classtype:trojan-activity;sid:84657879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794780)"; flow:established,from_client; content:"GET"; http_method; content:"/ip6addrd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794780/; classtype:trojan-activity;sid:84657880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794772)"; flow:established,from_client; content:"GET"; http_method; content:"/ksnapd0"; http_uri; depth:8; 
isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794772/; classtype:trojan-activity;sid:84657872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794773)"; flow:established,from_client; content:"GET"; http_method; content:"/deferwqd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794773/; classtype:trojan-activity;sid:84657873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794774)"; flow:established,from_client; content:"GET"; http_method; content:"/devfreqd0"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794774/; classtype:trojan-activity;sid:84657874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794775)"; flow:established,from_client; content:"GET"; http_method; content:"/vredisd0"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794775/; classtype:trojan-activity;sid:84657875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794771)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mod3-trace.invulshuga.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794771/; classtype:trojan-activity;sid:84657871; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794770)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"pricethread.starpit.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794770/; classtype:trojan-activity;sid:84657870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.234.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794769/; classtype:trojan-activity;sid:84657869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794768)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"zennex7is.starpit.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794768/; classtype:trojan-activity;sid:84657868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.197.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794767/; classtype:trojan-activity;sid:84657867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.65.82"; http_host; 
depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794766/; classtype:trojan-activity;sid:84657866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794765)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"runvv4-forge.starpit.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794765/; classtype:trojan-activity;sid:84657865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.40.185.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794764/; classtype:trojan-activity;sid:84657864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.65.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794763/; classtype:trojan-activity;sid:84657863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794762)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"7lqpjwbx.starpit.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794762/; classtype:trojan-activity;sid:84657862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3794761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.5.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794761/; classtype:trojan-activity;sid:84657861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794760)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.213.240.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794760/; classtype:trojan-activity;sid:84657860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.78.229.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794759/; classtype:trojan-activity;sid:84657859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.246.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794758/; classtype:trojan-activity;sid:84657858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794757)"; flow:established,from_client; content:"GET"; http_method; content:"/txt/king.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"tradingmastery.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, 
urlhaus.abuse.ch/url/3794757/; classtype:trojan-activity;sid:84657857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794756)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"p5pywt.ironbay.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794756/; classtype:trojan-activity;sid:84657856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794755)"; flow:established,from_client; content:"GET"; http_method; content:"/46dhtvyz5.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dpaste.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794755/; classtype:trojan-activity;sid:84657855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.234.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794754/; classtype:trojan-activity;sid:84657854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.67.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794753/; classtype:trojan-activity;sid:84657853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; 
http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.3.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794752/; classtype:trojan-activity;sid:84657852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794751)"; flow:established,from_client; content:"GET"; http_method; content:"/35/seethebstoptionforbetterwyasto.js"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"107.175.246.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794751/; classtype:trojan-activity;sid:84657851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794750)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.94.211.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794750/; classtype:trojan-activity;sid:84657850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794748)"; flow:established,from_client; content:"GET"; http_method; content:"/zfskdn73.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"209.54.102.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794748/; classtype:trojan-activity;sid:84657848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794749)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirthstresswashere"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"158.94.211.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794749/; classtype:trojan-activity;sid:84657849; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794747)"; flow:established,from_client; content:"GET"; http_method; content:"/img_012505yubtcc.png"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"teslasuit.to"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794747/; classtype:trojan-activity;sid:84657847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794746)"; flow:established,from_client; content:"GET"; http_method; content:"/bgdgvrb/amidnja.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"valfanto.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794746/; classtype:trojan-activity;sid:84657846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794745)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"jycyry1b.ironbay.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794745/; classtype:trojan-activity;sid:84657845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.3.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794744/; classtype:trojan-activity;sid:84657844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; 
nocase; content:"113.228.113.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794743/; classtype:trojan-activity;sid:84657843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.128.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794741/; classtype:trojan-activity;sid:84657841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.146.222.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794742/; classtype:trojan-activity;sid:84657842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.40.185.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794740/; classtype:trojan-activity;sid:84657840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794739)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"pine2-cast.ironbay.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794739/; classtype:trojan-activity;sid:84657839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3794738)"; flow:established,from_client; content:"GET"; http_method; content:"/enterprise/iwkkaiqbhycfexkikagcltascwutxs0yml13q3eanfekatsrrx9wby08vbwnfjnqcgo6ldedbiqclxbbczqbslb1uswfm3qceabshzklfwgmkicfphcvliesdzwuex0dvqfsekvpdkjidwdrtn5hu1rvrnvgawlhf1hzqxzxuanvavi="; http_uri; depth:188; isdataat:!1,relative; nocase; content:"salelegalsteroids.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794738/; classtype:trojan-activity;sid:84657838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.5.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794737/; classtype:trojan-activity;sid:84657837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794736)"; flow:established,from_client; content:"GET"; http_method; content:"/36/seethebestoptionforeverybodytounder.js"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"107.175.246.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794736/; classtype:trojan-activity;sid:84657836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794735)"; flow:established,from_client; content:"GET"; http_method; content:"/comprovante-pix-12-03-2026.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"documentos.microsoft-waresystems.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794735/; classtype:trojan-activity;sid:84657835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3794734)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dispatc-puls.ironbay.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794734/; classtype:trojan-activity;sid:84657834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794733)"; flow:established,from_client; content:"GET"; http_method; content:"/kakrarg/buckwheatsociology.ps1"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"80.71.224.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794733/; classtype:trojan-activity;sid:84657833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794732)"; flow:established,from_client; content:"GET"; http_method; content:"/kakrarg/sneakerassembly.ps1"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"80.71.224.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794732/; classtype:trojan-activity;sid:84657832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.67.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794731/; classtype:trojan-activity;sid:84657831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.249.56"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794730/; classtype:trojan-activity;sid:84657830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794729)"; flow:established,from_client; content:"GET"; http_method; content:"/poss5645/encrypt.ps1"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"gharnt.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794729/; classtype:trojan-activity;sid:84657829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794728)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"pine-fix.lakepit.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794728/; classtype:trojan-activity;sid:84657828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.128.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794727/; classtype:trojan-activity;sid:84657827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.188.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794726/; classtype:trojan-activity;sid:84657826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794725)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.146.222.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794725/; classtype:trojan-activity;sid:84657825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794724)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"solspireis6.lakepit.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794724/; classtype:trojan-activity;sid:84657824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.149.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794723/; classtype:trojan-activity;sid:84657823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794722)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"id3702579photo-image-docs.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794722/; classtype:trojan-activity;sid:84657822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794721)"; flow:established,from_client; content:"GET"; http_method; content:"/img_012505yubtcc.png"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.teslasuit.to"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_03_12; 
reference:url, urlhaus.abuse.ch/url/3794721/; classtype:trojan-activity;sid:84657821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794719)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msiyu.png"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"teslasuit.to"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794719/; classtype:trojan-activity;sid:84657819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794720)"; flow:established,from_client; content:"GET"; http_method; content:"/somthids/ejgddfd.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"valfanto.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794720/; classtype:trojan-activity;sid:84657820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.164.179.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794718/; classtype:trojan-activity;sid:84657818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794717)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"du5t0-frame.lakepit.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794717/; classtype:trojan-activity;sid:84657817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794715)"; flow:established,from_client; 
content:"GET"; http_method; content:"/downloads/da-62fe02b5-5618-420e-a7b8-3d97012a72b9.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"applicationhost17.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794715/; classtype:trojan-activity;sid:84657815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794714)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sy-5921a7eb-16a3-46cc-9ee6-0d8677d807df.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"applicationhost17.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794714/; classtype:trojan-activity;sid:84657814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794712)"; flow:established,from_client; content:"GET"; http_method; content:"/granad244.pcz"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"209.54.102.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794712/; classtype:trojan-activity;sid:84657812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794713)"; flow:established,from_client; content:"GET"; http_method; content:"/progressi.hhk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"209.54.102.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794713/; classtype:trojan-activity;sid:84657813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794709)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/upd-48c5a1c5-ddd4-465e-9c66-27efc1d5a846.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; 
content:"applicationhost17.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794709/; classtype:trojan-activity;sid:84657809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794710)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/upd-f643a043-41c0-4ad0-94d1-b06c8286a9ab.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"applicationhost17.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794710/; classtype:trojan-activity;sid:84657810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794711)"; flow:established,from_client; content:"GET"; http_method; content:"/qobclhzlkw24.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"209.54.102.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794711/; classtype:trojan-activity;sid:84657811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794707)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/wn-9ec52640-adff-4623-a958-6a7133186985.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"applicationhost17.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794707/; classtype:trojan-activity;sid:84657807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794708)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ms-d2dc127d-084c-44d1-8615-6142396987bb.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"applicationhost17.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 
2026_03_12; reference:url, urlhaus.abuse.ch/url/3794708/; classtype:trojan-activity;sid:84657808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794705)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8425384370/mnvpx0p.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794705/; classtype:trojan-activity;sid:84657805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794706)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7903503838/hsy2oks.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794706/; classtype:trojan-activity;sid:84657806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794704)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8220471530/ads5xos.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794704/; classtype:trojan-activity;sid:84657804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.198.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794703/; classtype:trojan-activity;sid:84657803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794702)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.152.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794702/; classtype:trojan-activity;sid:84657802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.244.36.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794701/; classtype:trojan-activity;sid:84657801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.244.36.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794700/; classtype:trojan-activity;sid:84657800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794699)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8425384370/cpx8aax.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794699/; classtype:trojan-activity;sid:84657799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.152.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794698/; 
classtype:trojan-activity;sid:84657798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.180.84.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794697/; classtype:trojan-activity;sid:84657797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.198.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794696/; classtype:trojan-activity;sid:84657796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.131.163.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794695/; classtype:trojan-activity;sid:84657795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794694)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8167064937/7p402xv.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794694/; classtype:trojan-activity;sid:84657794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"115.50.30.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794693/; classtype:trojan-activity;sid:84657793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.180.84.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794692/; classtype:trojan-activity;sid:84657792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.131.163.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794691/; classtype:trojan-activity;sid:84657791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794690)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"nl6rhf.lakepit.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794690/; classtype:trojan-activity;sid:84657790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.176.82.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794689/; classtype:trojan-activity;sid:84657789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3794688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.212.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794688/; classtype:trojan-activity;sid:84657788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794687)"; flow:established,from_client; content:"GET"; http_method; content:"/efvijuenvf_27_02_meus_arquivosdetexto/01.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"andrefelipedonascime1772127941945.0062186.meusitehostgator.com.br"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794687/; classtype:trojan-activity;sid:84657787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794685)"; flow:established,from_client; content:"GET"; http_method; content:"/efvijuenvf_27_02_meus_arquivosdetexto/02.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"andrefelipedonascime1772127941945.0062186.meusitehostgator.com.br"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794685/; classtype:trojan-activity;sid:84657785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794686)"; flow:established,from_client; content:"GET"; http_method; content:"/efvijuenvf_27_02_meus_arquivosdetexto/03.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"andrefelipedonascime1772127941945.0062186.meusitehostgator.com.br"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794686/; classtype:trojan-activity;sid:84657786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3794684)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"offerclinic.rockbay.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794684/; classtype:trojan-activity;sid:84657784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.208.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794683/; classtype:trojan-activity;sid:84657783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794682)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"shieldretainer.rockbay.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794682/; classtype:trojan-activity;sid:84657782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.176.82.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794681/; classtype:trojan-activity;sid:84657781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794680)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"bygesuy9.rockbay.in.net"; http_host; 
depth:23; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794680/; classtype:trojan-activity;sid:84657780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.95.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794679/; classtype:trojan-activity;sid:84657779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794678)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.208.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794678/; classtype:trojan-activity;sid:84657778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.95.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794677/; classtype:trojan-activity;sid:84657777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.247.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794676/; classtype:trojan-activity;sid:84657776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794675)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.126.86.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794675/; classtype:trojan-activity;sid:84657775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.39.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794674/; classtype:trojan-activity;sid:84657774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794673)"; flow:established,from_client; content:"GET"; http_method; content:"/v4343.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.107.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794673/; classtype:trojan-activity;sid:84657773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.83.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794672/; classtype:trojan-activity;sid:84657772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794671)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8548282130/o43gjva.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, 
urlhaus.abuse.ch/url/3794671/; classtype:trojan-activity;sid:84657771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.153.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794670/; classtype:trojan-activity;sid:84657770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.46.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794669/; classtype:trojan-activity;sid:84657769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794668)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"anch0r-switch.bluebay.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794668/; classtype:trojan-activity;sid:84657768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794667)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"loaderdrive.bluebay.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794667/; classtype:trojan-activity;sid:84657767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794666)"; flow:established,from_client; content:"GET"; 
http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"2umw.bluebay.in.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794666/; classtype:trojan-activity;sid:84657766; rev:1;)
# Short paths such as "/bin.sh" and "/i" are generic on their own; in these
# rules the specificity comes from the exact http_host match on an IP literal.
# When triaging an alert, open the reference URL for the payload details.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.126.86.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794665/; classtype:trojan-activity;sid:84657765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.83.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794664/; classtype:trojan-activity;sid:84657764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.181.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794663/; classtype:trojan-activity;sid:84657763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794662)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"couriframe.goldpit.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794662/; 
classtype:trojan-activity;sid:84657762; rev:1;)
# Host 158.94.208.7 appears below with a per-file path under /files/. Each
# path is its own exact-match rule, so a file on that host whose path is not
# listed raises no alert from this ruleset.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.210.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794661/; classtype:trojan-activity;sid:84657761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794660)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"fbge7x.goldpit.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794660/; classtype:trojan-activity;sid:84657760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794659)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7903503838/6nmkhzu.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794659/; classtype:trojan-activity;sid:84657759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.242.66.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794658/; classtype:trojan-activity;sid:84657758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794657)"; flow:established,from_client; content:"GET"; http_method; content:"/files/gop/random.exe"; 
http_uri; depth:21; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794657/; classtype:trojan-activity;sid:84657757; rev:1;)
# Four rules for host 87.121.79.23 that differ only in the suffix after
# /huhu/titanjr. (ppc, arc, sh4, ppc440 — these look like CPU architecture
# tags; confirm on the referenced entries). Other suffixes are not covered.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794656)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794656/; classtype:trojan-activity;sid:84657756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794653)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794653/; classtype:trojan-activity;sid:84657753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794654)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794654/; classtype:trojan-activity;sid:84657754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794655)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc440"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794655/; classtype:trojan-activity;sid:84657755; rev:1;)
# Reading these rules:
#   alert http $HOME_NET any -> $EXTERNAL_NET any, flow:established,from_client
#       client requests on established flows from HOME_NET to EXTERNAL_NET;
#       both variables must be set correctly on the sensor for the rule to fire.
#   content:"GET"; http_method          only GET requests are considered.
#   content:"<path>"; http_uri; depth:<len>; isdataat:!1,relative
#       depth equals the pattern length and no byte may follow, i.e. the URI
#       buffer must equal <path>.
#   content:"<host>"; http_host; depth:<len>; isdataat:!1,relative
#       same exact-match construction on the Host value.
#   reference:url                        the URLhaus entry to consult in triage.
# These are HTTP-parser rules: the same URL fetched over TLS is not inspected
# unless the sensor sees decrypted traffic.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794651)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7411337060/zcgm9ky.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794651/; classtype:trojan-activity;sid:84657751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794652)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8499672124/b1jnsvy.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794652/; classtype:trojan-activity;sid:84657752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794650)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8167064937/l2bur1u.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794650/; classtype:trojan-activity;sid:84657750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794649)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"endpo2-craft.goldpit.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794649/; classtype:trojan-activity;sid:84657749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794648)"; flow:established,from_client; content:"GET"; http_method; 
content:"/files/7782139129/4qrxrgo.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794648/; classtype:trojan-activity;sid:84657748; rev:1;)
# In the rules shown here, sid minus the URLhaus id in msg/reference is the
# constant 80863100 (e.g. 84657746 - 3794646), which lets an alert's sid be
# mapped back to its URLhaus entry. Rules are not strictly ordered by id.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794646)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7453936223/kaq8pq5.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794646/; classtype:trojan-activity;sid:84657746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794647)"; flow:established,from_client; content:"GET"; http_method; content:"/files/oblivora/random.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794647/; classtype:trojan-activity;sid:84657747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794645)"; flow:established,from_client; content:"GET"; http_method; content:"/sexister.hhk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"209.54.102.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794645/; classtype:trojan-activity;sid:84657745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794644)"; flow:established,from_client; content:"GET"; http_method; content:"/ilitoryfrmxtjathx140.bin"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"209.54.102.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, 
urlhaus.abuse.ch/url/3794644/; classtype:trojan-activity;sid:84657744; rev:1;)
# These are "alert http" rules matching on parsed request buffers, so they
# only see requests the sensor can read as HTTP; a fetch of the same URL over
# TLS goes unnoticed unless decrypted traffic is fed to the engine.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794643)"; flow:established,from_client; content:"GET"; http_method; content:"/177/ceo/wellthingsformebest.js"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"107.173.47.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794643/; classtype:trojan-activity;sid:84657743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794642)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"joqyh.windbay.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794642/; classtype:trojan-activity;sid:84657742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794641)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8441193572/i8n8jbr.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794641/; classtype:trojan-activity;sid:84657741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794640)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1424975206/grfjpur.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794640/; classtype:trojan-activity;sid:84657740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794639)"; 
flow:established,from_client; content:"GET"; http_method; content:"/files/5900855435/enle4nm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794639/; classtype:trojan-activity;sid:84657739; rev:1;)
# Direction is fixed to $HOME_NET -> $EXTERNAL_NET: a request is only
# evaluated when the sensor's variables place the client inside HOME_NET and
# the server outside it. Verify those definitions before relying on coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794638)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"exteneur.windbay.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794638/; classtype:trojan-activity;sid:84657738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794637)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dydqa.windbay.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794637/; classtype:trojan-activity;sid:84657737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.252.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794635/; classtype:trojan-activity;sid:84657735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.164.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; 
reference:url, urlhaus.abuse.ch/url/3794636/; classtype:trojan-activity;sid:84657736; rev:1;)
# metadata:created_at is the only age marker a rule carries. Indicators keyed
# on an IP literal can outlive the hosting they describe, so presumably these
# rules should be refreshed from the feed rather than kept indefinitely.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.187.101.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794634/; classtype:trojan-activity;sid:84657734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794633)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tmzmig.redpit.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794633/; classtype:trojan-activity;sid:84657733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.113.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794632/; classtype:trojan-activity;sid:84657732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794631)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7903503838/hsy2oks.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794631/; classtype:trojan-activity;sid:84657731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794629)"; flow:established,from_client; 
content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794629/; classtype:trojan-activity;sid:84657729; rev:1;)
# Every rule uses classtype:trojan-activity and the same msg text apart from
# the id, so the alert itself does not say what kind of payload the URL
# served; that detail has to come from the referenced URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.84.112.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794630/; classtype:trojan-activity;sid:84657730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.187.101.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794628/; classtype:trojan-activity;sid:84657728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794627)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"valleyreb.redpit.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794627/; classtype:trojan-activity;sid:84657727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.242.66.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794626/; 
classtype:trojan-activity;sid:84657726; rev:1;)
# The same file name random.exe is listed under several directories on host
# 158.94.208.7 (/files/unique2/, /final/, /test/). Each directory is a
# separate exact-match rule; a new directory name would need a new rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794624)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique2/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794624/; classtype:trojan-activity;sid:84657724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794625)"; flow:established,from_client; content:"GET"; http_method; content:"/final/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794625/; classtype:trojan-activity;sid:84657725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794621)"; flow:established,from_client; content:"GET"; http_method; content:"/test/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794621/; classtype:trojan-activity;sid:84657721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794622)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"binar-vector.redpit.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794622/; classtype:trojan-activity;sid:84657722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794623)"; flow:established,from_client; content:"GET"; http_method; 
content:"/files/rdx/random.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794623/; classtype:trojan-activity;sid:84657723; rev:1;)
# The path segment "vidar" in the next rule reads like a malware family name,
# but the rule carries no family tag; confirm the family on the referenced
# URLhaus entry before labelling an incident.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794620)"; flow:established,from_client; content:"GET"; http_method; content:"/vidar/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"158.94.208.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794620/; classtype:trojan-activity;sid:84657720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794619)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"slate-marsh.oakbay.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794619/; classtype:trojan-activity;sid:84657719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.247.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794618/; classtype:trojan-activity;sid:84657718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794617)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"proto-re4ge.oakbay.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794617/; 
classtype:trojan-activity;sid:84657717; rev:1;)
# content:"GET"; http_method restricts each rule to GET requests; the same
# URL requested with another method is not matched by this ruleset.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.190.238.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794616/; classtype:trojan-activity;sid:84657716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.164.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794615/; classtype:trojan-activity;sid:84657715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.84.112.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794614/; classtype:trojan-activity;sid:84657714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.163.181.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794613/; classtype:trojan-activity;sid:84657713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794612)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; 
nocase; content:"summ-rural.oakbay.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794612/; classtype:trojan-activity;sid:84657712; rev:1;)
# NOTE(review): in every rule nocase is written after isdataat rather than
# directly after the http_uri content it presumably modifies; confirm with the
# engine's rule parser that it still binds to that content. The http_host
# match carries no nocase, and all host patterns shown are lowercase.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.154.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794611/; classtype:trojan-activity;sid:84657711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.252.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794610/; classtype:trojan-activity;sid:84657710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.190.238.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794609/; classtype:trojan-activity;sid:84657709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.113.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794608/; classtype:trojan-activity;sid:84657708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3794607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.238.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794607/; classtype:trojan-activity;sid:84657706; rev:1;)
# Mixed payload types follow: by extension, a PowerShell script (.ps1) and a
# ZIP archive. The rules match the request only; whether the download
# completed has to be established from other telemetry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794606)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"glzabh.sunpit.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794606/; classtype:trojan-activity;sid:84657706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794605)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dep0t9-well.sunpit.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794605/; classtype:trojan-activity;sid:84657705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794604)"; flow:established,from_client; content:"GET"; http_method; content:"/1827897262/mh/inject3.ps1"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"1827897262.v.123pan.cn"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794604/; classtype:trojan-activity;sid:84657704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794602)"; flow:established,from_client; content:"GET"; http_method; content:"/bullk/bruter.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"aaa4b.com"; http_host; depth:9; 
isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794602/; classtype:trojan-activity;sid:84657702; rev:1;)
# The rustdesk-1.2.3-2-x86_64.exe rule below is tied to host www.150.co.il:
# the file name resembles a remote-desktop installer, and the same name served
# from any other host is outside this rule's scope. What the file actually is
# must be taken from the referenced entry, not from the name.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794603)"; flow:established,from_client; content:"GET"; http_method; content:"/apk/apppro.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"proappv2.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794603/; classtype:trojan-activity;sid:84657703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"158.255.83.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794601/; classtype:trojan-activity;sid:84657701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794599)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8167064937/tofxzfq.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794599/; classtype:trojan-activity;sid:84657699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794598)"; flow:established,from_client; content:"GET"; http_method; content:"/rustdesk-1.2.3-2-x86_64.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www.150.co.il"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794598/; classtype:trojan-activity;sid:84657698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3794597)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/sharp.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"baritonclick.online"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794597/; classtype:trojan-activity;sid:84657697; rev:1;)
# Because http_uri must equal the pattern exactly, these are indicator
# matches rather than behavioural detections: they confirm a request to a
# listed URL and say nothing about requests to unlisted URLs on the same host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794596)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"2g1jl.sunpit.in.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794596/; classtype:trojan-activity;sid:84657696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.201.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794595/; classtype:trojan-activity;sid:84657695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794594)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sa17ql.sunpit.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794594/; classtype:trojan-activity;sid:84657694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.69.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 
2026_03_12; reference:url, urlhaus.abuse.ch/url/3794593/; classtype:trojan-activity;sid:84657693; rev:1;)
# Several subdomains of restpay.in.net are listed with the same path
# /verification.google, one rule per hostname. The host match is exact, so a
# further subdomain would not alert until the feed adds it; a path-based
# search of proxy/HTTP logs is the usual complement for that gap.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794592)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"qdqhkub.restpay.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794592/; classtype:trojan-activity;sid:84657692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.198.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794591/; classtype:trojan-activity;sid:84657691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794590)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"urt925.restpay.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794590/; classtype:trojan-activity;sid:84657690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.45.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794589/; classtype:trojan-activity;sid:84657689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794588)"; flow:established,from_client; 
content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.75.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794588/; classtype:trojan-activity;sid:84657688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.76.224.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794587/; classtype:trojan-activity;sid:84657687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794586)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"brasyn.restpay.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794586/; classtype:trojan-activity;sid:84657686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794585)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vorspire4ex.restpay.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794585/; classtype:trojan-activity;sid:84657685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794584)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"01n680.calloak.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, 
urlhaus.abuse.ch/url/3794584/; classtype:trojan-activity;sid:84657684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.177.97.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794583/; classtype:trojan-activity;sid:84657683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794582)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"eubz.calloak.in.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794582/; classtype:trojan-activity;sid:84657682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.172.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794581/; classtype:trojan-activity;sid:84657681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794580)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"9jmu.calloak.in.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794580/; classtype:trojan-activity;sid:84657680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794579)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.172.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794579/; classtype:trojan-activity;sid:84657679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.231.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794578/; classtype:trojan-activity;sid:84657678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.131.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794577/; classtype:trojan-activity;sid:84657677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794576)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"growt1-field.calloak.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794576/; classtype:trojan-activity;sid:84657676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.166.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794575/; classtype:trojan-activity;sid:84657675; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.49.65.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794574/; classtype:trojan-activity;sid:84657674; rev:1;)
# Triage note: several hosts in this stretch are listed twice, once for /i and once for
# /bin.sh (for example 61.53.93.227, 36.49.65.2, 115.63.190.248, 115.56.122.149), so it helps
# to group alerts by http_host rather than by sid.
# The rules fire on the outbound request (flow:established,from_client; content:"GET"). An
# alert therefore shows that a host in $HOME_NET asked for the URL, not that a payload was
# returned; the server response or file-extraction logs are what confirm a download.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.131.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794573/; classtype:trojan-activity;sid:84657673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.93.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794571/; classtype:trojan-activity;sid:84657671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.231.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794572/; classtype:trojan-activity;sid:84657672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.45.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794570/; classtype:trojan-activity;sid:84657670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794569)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"refineterminal.jacksend.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794569/; classtype:trojan-activity;sid:84657669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.136.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794568/; classtype:trojan-activity;sid:84657668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794567)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"strictinspect.jacksend.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794567/; classtype:trojan-activity;sid:84657667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.190.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794566/; classtype:trojan-activity;sid:84657666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.93.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794565/; classtype:trojan-activity;sid:84657665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.49.65.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794564/; classtype:trojan-activity;sid:84657664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.122.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794563/; classtype:trojan-activity;sid:84657663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.184.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794562/; classtype:trojan-activity;sid:84657662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.190.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794561/; classtype:trojan-activity;sid:84657661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.236.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794560/; classtype:trojan-activity;sid:84657660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.198.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794559/; classtype:trojan-activity;sid:84657659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.122.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794558/; classtype:trojan-activity;sid:84657658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.101.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794557/; classtype:trojan-activity;sid:84657657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.135.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794556/; classtype:trojan-activity;sid:84657656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794555/; classtype:trojan-activity;sid:84657655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.161.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794554/; classtype:trojan-activity;sid:84657654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.34.109.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794553/; classtype:trojan-activity;sid:84657653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.27.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794552/; classtype:trojan-activity;sid:84657652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected
(3794551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.236.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794551/; classtype:trojan-activity;sid:84657651; rev:1;)
# Coverage note: every http_host pattern in this stretch is an IPv4 literal and every URI is
# either /i or /bin.sh. http_host is compared with the Host header the client sent, not with
# the packet's destination address, so a request that reaches the same server under a
# different Host value is outside these rules.
# These are `alert http` rules, so they rely on the engine's HTTP parser seeing the request;
# traffic carried inside TLS is only visible to them if it is decrypted upstream of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.101.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794550/; classtype:trojan-activity;sid:84657650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.192.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794549/; classtype:trojan-activity;sid:84657649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.166.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794548/; classtype:trojan-activity;sid:84657648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.142.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794547/; classtype:trojan-activity;sid:84657647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.204.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794546/; classtype:trojan-activity;sid:84657646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.237.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794545/; classtype:trojan-activity;sid:84657645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.135.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794544/; classtype:trojan-activity;sid:84657644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.34.109.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794543/; classtype:trojan-activity;sid:84657643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.166.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794542/; classtype:trojan-activity;sid:84657642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.27.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794541/; classtype:trojan-activity;sid:84657641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.192.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794540/; classtype:trojan-activity;sid:84657640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.215.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794539/; classtype:trojan-activity;sid:84657639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.204.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794538/; classtype:trojan-activity;sid:84657638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.237.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794537/; classtype:trojan-activity;sid:84657637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.148.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794536/; classtype:trojan-activity;sid:84657636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.27.218.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794535/; classtype:trojan-activity;sid:84657635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.186.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794534/; classtype:trojan-activity;sid:84657634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.5.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794533/; classtype:trojan-activity;sid:84657633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.233.204.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794532/; classtype:trojan-activity;sid:84657632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.215.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794531/; classtype:trojan-activity;sid:84657631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.107.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794530/; classtype:trojan-activity;sid:84657630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.165.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794529/; classtype:trojan-activity;sid:84657629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase;
content:"105.184.56.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794528/; classtype:trojan-activity;sid:84657628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.184.56.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794527/; classtype:trojan-activity;sid:84657627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.181.226.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794526/; classtype:trojan-activity;sid:84657626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.190.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794524/; classtype:trojan-activity;sid:84657624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.186.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794525/; classtype:trojan-activity;sid:84657625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.167.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794523/; classtype:trojan-activity;sid:84657623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.233.204.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794522/; classtype:trojan-activity;sid:84657622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.107.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794521/; classtype:trojan-activity;sid:84657621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.190.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794519/; classtype:trojan-activity;sid:84657619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.220.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794520/; classtype:trojan-activity;sid:84657620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.254.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794518/; classtype:trojan-activity;sid:84657618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.58.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794517/; classtype:trojan-activity;sid:84657617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.238.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794516/; classtype:trojan-activity;sid:84657616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.50.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794515/; classtype:trojan-activity;sid:84657615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.254.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794514/; classtype:trojan-activity;sid:84657614; rev:1;)
# The 87.121.79.23 rules list /huhu/titanjr.arm5, /huhu/titanjr.mipsl and /huhu/titanjr.m68k
# separately, and a later rule (sid 84657602) carries the URI "/huhu/titanjr." with nothing
# after the dot. Every rule here is an exact match (depth equal to the string length plus
# isdataat:!1,relative), so that shorter URI does not act as a prefix for the others.
# The suffixes in this stretch (arm5, mipsl, m68k, arm7, arm4, sparc, mips64) look like CPU
# architecture names, presumably per-architecture builds of one payload; the referenced
# URLhaus entries are the place to confirm that.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794512)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794512/; classtype:trojan-activity;sid:84657612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794513)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mipsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794513/; classtype:trojan-activity;sid:84657613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794511)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794511/; classtype:trojan-activity;sid:84657611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.50.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794510/; classtype:trojan-activity;sid:84657610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.238.173.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794509/; classtype:trojan-activity;sid:84657609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.42.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794508/; classtype:trojan-activity;sid:84657608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.68.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794507/; classtype:trojan-activity;sid:84657607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.215.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794506/; classtype:trojan-activity;sid:84657606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794501)"; flow:established,from_client; content:"GET"; http_method; content:"/xdlol.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794501/; classtype:trojan-activity;sid:84657601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794502)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr."; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794502/; classtype:trojan-activity;sid:84657602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794503)"; flow:established,from_client; content:"GET"; http_method; content:"/xdlol.arm4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794503/; classtype:trojan-activity;sid:84657603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794504)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sparc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.141.26.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794504/; classtype:trojan-activity;sid:84657604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794505)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.141.26.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794505/; classtype:trojan-activity;sid:84657605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794500)"; flow:established,from_client; content:"GET"; http_method;
content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.173.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794500/; classtype:trojan-activity;sid:84657600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.218.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794499/; classtype:trojan-activity;sid:84657599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794498)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8548282130/k6ipivm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794498/; classtype:trojan-activity;sid:84657598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.5.1"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794497/; classtype:trojan-activity;sid:84657597; rev:1;)
# How the neighbouring rules anchor: depth equals the decoded pattern length
# and isdataat:!1,relative requires that no byte follows the match, so the
# http_uri / http_host buffer has to equal the pattern exactly.
#
# NOTE(review), sid 84657596: the URI pattern below decodes to 38 bytes
# (`|3f|` and each `|7c|` are one byte), but depth:53 is the character count
# of the pattern as written, hex escapes included. With depth larger than the
# pattern the match is no longer pinned to offset 0: it may begin up to 15
# bytes into the URI buffer, while isdataat:!1,relative still requires it to
# end the buffer.
#
# NOTE(review): `|7c|26|7c|` matches the literal bytes "|26|". That looks like
# a hex escape for "&" (0x26) that was escaped a second time when the rule was
# generated; if the listed URL really contains "&&", this rule will not fire
# on it. Presumably a feed-generation artifact - confirm against the URLhaus
# entry referenced in the rule before relying on this sid for coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794496)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=vzwgfgecvwlhdcni"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"7o9ige3i.documentarygo.digital"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794496/; classtype:trojan-activity;sid:84657596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.215.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794495/; classtype:trojan-activity;sid:84657595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.68.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794494/; classtype:trojan-activity;sid:84657594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.5.1"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794493/; classtype:trojan-activity;sid:84657593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.218.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794492/; classtype:trojan-activity;sid:84657592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"42.232.234.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794491/; classtype:trojan-activity;sid:84657591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.3.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794490/; classtype:trojan-activity;sid:84657590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.107.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794489/; classtype:trojan-activity;sid:84657589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.40.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794488/; classtype:trojan-activity;sid:84657588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.68.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794487/; classtype:trojan-activity;sid:84657587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3794486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.3.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794486/; classtype:trojan-activity;sid:84657586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.71.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794485/; classtype:trojan-activity;sid:84657585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.40.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794484/; classtype:trojan-activity;sid:84657584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.79.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794483/; classtype:trojan-activity;sid:84657583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.14.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794482/; 
classtype:trojan-activity;sid:84657582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.201.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794481/; classtype:trojan-activity;sid:84657581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.10.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794480/; classtype:trojan-activity;sid:84657580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.68.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794479/; classtype:trojan-activity;sid:84657579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794478)"; flow:established,from_client; content:"GET"; http_method; content:"/iat.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"130.12.181.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794478/; classtype:trojan-activity;sid:84657578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"123.12.198.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794477/; classtype:trojan-activity;sid:84657577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.14.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794476/; classtype:trojan-activity;sid:84657576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.79.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794475/; classtype:trojan-activity;sid:84657575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794474)"; flow:established,from_client; content:"GET"; http_method; content:"/predator-varying"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.219.23.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794474/; classtype:trojan-activity;sid:84657574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.201.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794473/; classtype:trojan-activity;sid:84657573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3794472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.107.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794472/; classtype:trojan-activity;sid:84657572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794471)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8635093259/fh1zhu4.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794471/; classtype:trojan-activity;sid:84657571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.219.4.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794470/; classtype:trojan-activity;sid:84657570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.254.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794469/; classtype:trojan-activity;sid:84657569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.10.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; 
reference:url, urlhaus.abuse.ch/url/3794468/; classtype:trojan-activity;sid:84657568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.94.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794467/; classtype:trojan-activity;sid:84657567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.115.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794466/; classtype:trojan-activity;sid:84657566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.38.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794465/; classtype:trojan-activity;sid:84657565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794464)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8425384370/xo3ti4x.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794464/; classtype:trojan-activity;sid:84657564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; 
http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.175.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794463/; classtype:trojan-activity;sid:84657563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.31.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794462/; classtype:trojan-activity;sid:84657562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.74.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794461/; classtype:trojan-activity;sid:84657561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.38.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794460/; classtype:trojan-activity;sid:84657560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.175.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794459/; classtype:trojan-activity;sid:84657559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3794458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.220.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794458/; classtype:trojan-activity;sid:84657558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.31.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794457/; classtype:trojan-activity;sid:84657557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.95.215.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794456/; classtype:trojan-activity;sid:84657556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.220.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794455/; classtype:trojan-activity;sid:84657555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.152.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; 
reference:url, urlhaus.abuse.ch/url/3794454/; classtype:trojan-activity;sid:84657554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.1.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794453/; classtype:trojan-activity;sid:84657553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.38.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794452/; classtype:trojan-activity;sid:84657552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.148.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794451/; classtype:trojan-activity;sid:84657551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.71.131.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794450/; classtype:trojan-activity;sid:84657550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"42.225.242.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794449/; classtype:trojan-activity;sid:84657549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.38.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794448/; classtype:trojan-activity;sid:84657548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.152.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794447/; classtype:trojan-activity;sid:84657547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.162.6.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794446/; classtype:trojan-activity;sid:84657546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.80.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794445/; classtype:trojan-activity;sid:84657545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3794444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.80.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794444/; classtype:trojan-activity;sid:84657544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.242.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794443/; classtype:trojan-activity;sid:84657543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.60.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794442/; classtype:trojan-activity;sid:84657542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.26.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794441/; classtype:trojan-activity;sid:84657541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.208.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, 
urlhaus.abuse.ch/url/3794440/; classtype:trojan-activity;sid:84657540; rev:1;)
# NOTE(review): the line above is the tail of a rule that starts before this section, and the
# last line of this section is the head of a rule that continues after it; both are left as found.
#
# Rule anatomy (every entry in this section uses the same template):
#   - `alert http $HOME_NET any -> $EXTERNAL_NET any` with `flow:established,from_client` and
#     `content:"GET"; http_method;` matches only client GET requests that the engine parses as HTTP.
#     Downloads fetched over TLS are not visible to these rules unless traffic is decrypted upstream.
#   - The URI content uses `depth:<length of the string>` plus `isdataat:!1,relative`, so the whole
#     http_uri buffer has to equal the string; `nocase` makes that comparison case-insensitive.
#     A request that appends anything to the path (for example a query string) is presumably not
#     matched -- confirm against your engine's URI normalisation.
#   - The host content uses the same depth/isdataat pair on http_host, so the listed host has to match in full.
#   - In the entries shown here, sid equals the URLhaus ID in msg/reference plus 80863100.
#   - Indicators are point-in-time (see metadata:created_at); triage hits via the per-rule reference URL.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.116.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794439/; classtype:trojan-activity;sid:84657539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.138.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794438/; classtype:trojan-activity;sid:84657538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.26.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794437/; classtype:trojan-activity;sid:84657537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.208.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794436/; classtype:trojan-activity;sid:84657536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.60.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794435/; classtype:trojan-activity;sid:84657535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.231.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794434/; classtype:trojan-activity;sid:84657534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.63.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794433/; classtype:trojan-activity;sid:84657533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794432)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.231.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794432/; classtype:trojan-activity;sid:84657532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.63.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794431/; classtype:trojan-activity;sid:84657531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.46.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794430/; classtype:trojan-activity;sid:84657530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.233.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794429/; classtype:trojan-activity;sid:84657529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.249.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794428/; classtype:trojan-activity;sid:84657528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.193.117.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794427/; classtype:trojan-activity;sid:84657527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.193.117.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794426/; classtype:trojan-activity;sid:84657526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.233.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794425/; classtype:trojan-activity;sid:84657525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.0.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794424/; classtype:trojan-activity;sid:84657524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.249.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794423/; classtype:trojan-activity;sid:84657523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.2.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794422/; classtype:trojan-activity;sid:84657522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794420)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.141.26.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794420/; classtype:trojan-activity;sid:84657520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794421)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.225.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794421/; classtype:trojan-activity;sid:84657521; rev:1;)
# Run of entries for host 45.141.26.73: one rule per /bins/sora.<arch> path, plus /ohshit.sh.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794418)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.141.26.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794418/; classtype:trojan-activity;sid:84657518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794419)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.141.26.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794419/; classtype:trojan-activity;sid:84657519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794417)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.141.26.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794417/; classtype:trojan-activity;sid:84657517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794414)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.141.26.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794414/; classtype:trojan-activity;sid:84657514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794415)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.141.26.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794415/; classtype:trojan-activity;sid:84657515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794416)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.141.26.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794416/; classtype:trojan-activity;sid:84657516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794408)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.141.26.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794408/; classtype:trojan-activity;sid:84657508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794409)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.141.26.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794409/; classtype:trojan-activity;sid:84657509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794410)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.141.26.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794410/; classtype:trojan-activity;sid:84657510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794411)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.141.26.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794411/; classtype:trojan-activity;sid:84657511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794412)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.141.26.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794412/; classtype:trojan-activity;sid:84657512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794413)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.141.26.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794413/; classtype:trojan-activity;sid:84657513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.2.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794407/; classtype:trojan-activity;sid:84657507; rev:1;)
# Run of entries for host 87.121.79.23: one rule per /huhu/titanjr.<arch> path.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794406)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794406/; classtype:trojan-activity;sid:84657506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794403)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794403/; classtype:trojan-activity;sid:84657503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794404)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794404/; classtype:trojan-activity;sid:84657504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794405)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794405/; classtype:trojan-activity;sid:84657505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794399)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794399/; classtype:trojan-activity;sid:84657499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794400)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i486"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794400/; classtype:trojan-activity;sid:84657500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794401)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794401/; classtype:trojan-activity;sid:84657501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794402)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794402/; classtype:trojan-activity;sid:84657502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794398)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"87.121.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794398/; classtype:trojan-activity;sid:84657498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.137.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794397/; classtype:trojan-activity;sid:84657497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.103.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794396/; classtype:trojan-activity;sid:84657496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.210.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794395/; classtype:trojan-activity;sid:84657495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.137.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794393/; classtype:trojan-activity;sid:84657493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.11.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794394/; classtype:trojan-activity;sid:84657494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.144.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794392/; classtype:trojan-activity;sid:84657492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.208.166.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794391/; classtype:trojan-activity;sid:84657491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.210.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794390/; classtype:trojan-activity;sid:84657490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.103.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794389/; classtype:trojan-activity;sid:84657489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.28.83"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794388/; classtype:trojan-activity;sid:84657488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.239.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794387/; classtype:trojan-activity;sid:84657487; rev:1;)
# Run of /nullnet_bin_dir/nullnet_load.<arch> entries: host 161.97.148.194, with one entry keyed on the
# hostname vmi3114056.contaboserver.net instead (whether both name the same server is not shown here).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794386)"; flow:established,from_client; content:"GET"; http_method; content:"/nullnet_bin_dir/nullnet_load.x86_64"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"161.97.148.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794386/; classtype:trojan-activity;sid:84657486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794385)"; flow:established,from_client; content:"GET"; http_method; content:"/nullnet_bin_dir/nullnet_load.mips"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"vmi3114056.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794385/; classtype:trojan-activity;sid:84657485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794374)"; flow:established,from_client; content:"GET"; http_method; content:"/nullnet_bin_dir/nullnet_load.spc"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"161.97.148.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794374/; classtype:trojan-activity;sid:84657474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794375)"; flow:established,from_client; content:"GET"; http_method; content:"/nullnet_bin_dir/nullnet_load.i686"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"161.97.148.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794375/; classtype:trojan-activity;sid:84657475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794376)"; flow:established,from_client; content:"GET"; http_method; content:"/nullnet_bin_dir/nullnet_load.x86"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"161.97.148.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794376/; classtype:trojan-activity;sid:84657476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794377)"; flow:established,from_client; content:"GET"; http_method; content:"/nullnet_bin_dir/nullnet_load.arm7"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"161.97.148.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794377/; classtype:trojan-activity;sid:84657477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794378)"; flow:established,from_client; content:"GET"; http_method; content:"/nullnet_bin_dir/nullnet_load.arm5"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"161.97.148.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794378/; classtype:trojan-activity;sid:84657478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794379)"; flow:established,from_client; content:"GET"; http_method; content:"/nullnet_bin_dir/nullnet_load.arc"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"161.97.148.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794379/; classtype:trojan-activity;sid:84657479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794380)"; flow:established,from_client; content:"GET"; http_method; content:"/nullnet_bin_dir/nullnet_load.arm"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"161.97.148.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794380/; classtype:trojan-activity;sid:84657480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794381)"; flow:established,from_client; content:"GET"; http_method; content:"/nullnet_bin_dir/nullnet_load.ppc"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"161.97.148.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794381/; classtype:trojan-activity;sid:84657481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794382)"; flow:established,from_client; content:"GET"; http_method; content:"/nullnet_bin_dir/nullnet_load.arm6"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"161.97.148.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794382/; classtype:trojan-activity;sid:84657482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794383)"; flow:established,from_client; content:"GET"; http_method; content:"/nullnet_bin_dir/nullnet_load.mpsl"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"161.97.148.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794383/; classtype:trojan-activity;sid:84657483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794384)"; flow:established,from_client; content:"GET"; http_method; content:"/nullnet_bin_dir/nullnet_load.sh4"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"161.97.148.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794384/; classtype:trojan-activity;sid:84657484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794371)"; flow:established,from_client; content:"GET"; http_method; content:"/nullnet_bin_dir/nullnet_load.m68k"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"161.97.148.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794371/; classtype:trojan-activity;sid:84657471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794372)"; flow:established,from_client; content:"GET"; http_method; content:"/nullnet_bin_dir/nullnet_load.i486"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"161.97.148.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794372/; classtype:trojan-activity;sid:84657472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794373)"; flow:established,from_client; content:"GET"; http_method; content:"/nullnet_bin_dir/nullnet_load.mips"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"161.97.148.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794373/; classtype:trojan-activity;sid:84657473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.144.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794370/; classtype:trojan-activity;sid:84657470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.239.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794369/; classtype:trojan-activity;sid:84657469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794368)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/wget.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.156.152.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794368/; classtype:trojan-activity;sid:84657468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.25.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794367/; classtype:trojan-activity;sid:84657467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.71.211"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794366/; classtype:trojan-activity;sid:84657466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.165.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794365/; classtype:trojan-activity;sid:84657465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794364)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.186.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794364/; classtype:trojan-activity;sid:84657464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.28.83"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794363/; classtype:trojan-activity;sid:84657463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.60.227.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794362/; classtype:trojan-activity;sid:84657462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.165.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794361/; classtype:trojan-activity;sid:84657461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.187.82.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794360/; classtype:trojan-activity;sid:84657460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794359)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8441193572/i8n8jbr.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794359/; classtype:trojan-activity;sid:84657459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.216.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794358/; classtype:trojan-activity;sid:84657458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.191.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794356/; classtype:trojan-activity;sid:84657456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.127.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794357/; classtype:trojan-activity;sid:84657457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.227.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794355/; classtype:trojan-activity;sid:84657455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.27.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794354/; classtype:trojan-activity;sid:84657454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794353)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.23.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794353/; classtype:trojan-activity;sid:84657453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.254.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794352/; classtype:trojan-activity;sid:84657452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.23.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794351/; classtype:trojan-activity;sid:84657451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.127.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794350/; classtype:trojan-activity;sid:84657450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.10.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794349/; classtype:trojan-activity;sid:84657449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.191.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794348/; classtype:trojan-activity;sid:84657448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.13.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794347/; classtype:trojan-activity;sid:84657447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.13.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794346/; classtype:trojan-activity;sid:84657446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.59.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794345/; classtype:trojan-activity;sid:84657445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.114.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794344/; classtype:trojan-activity;sid:84657444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3794342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.114.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794342/; classtype:trojan-activity;sid:84657442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.226.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794343/; classtype:trojan-activity;sid:84657443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.110.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794341/; classtype:trojan-activity;sid:84657441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.203.134.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794340/; classtype:trojan-activity;sid:84657440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794339)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8167064937/l2bur1u.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2026_03_11; reference:url, urlhaus.abuse.ch/url/3794339/; classtype:trojan-activity;sid:84657439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.59.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794338/; classtype:trojan-activity;sid:84657438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"166.48.94.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794337/; classtype:trojan-activity;sid:84657437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794336)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"myspace.ambertide.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794336/; classtype:trojan-activity;sid:84657436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794335)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"light-way.ambertide.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794335/; classtype:trojan-activity;sid:84657435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794334)"; 
flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"fire-v12.ambertide.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794334/; classtype:trojan-activity;sid:84657434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.186.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794333/; classtype:trojan-activity;sid:84657433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794332)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cold-peak.ambertide.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794332/; classtype:trojan-activity;sid:84657432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.185.93.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794331/; classtype:trojan-activity;sid:84657431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.248.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, 
urlhaus.abuse.ch/url/3794330/; classtype:trojan-activity;sid:84657430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794329)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.131.182.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794329/; classtype:trojan-activity;sid:84657429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.42.89.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794328/; classtype:trojan-activity;sid:84657428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.75.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794327/; classtype:trojan-activity;sid:84657427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794326)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"datalink.valeriana.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794326/; classtype:trojan-activity;sid:84657426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794325)"; flow:established,from_client; content:"GET"; http_method; 
content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"point-up.valeriana.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794325/; classtype:trojan-activity;sid:84657425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794324)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"home-90.valeriana.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794324/; classtype:trojan-activity;sid:84657424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794323)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"smart-fix.valeriana.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794323/; classtype:trojan-activity;sid:84657423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794322)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"stepforward.novalento.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794322/; classtype:trojan-activity;sid:84657422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.75.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, 
urlhaus.abuse.ch/url/3794321/; classtype:trojan-activity;sid:84657421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.106.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794320/; classtype:trojan-activity;sid:84657420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.227.85.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794319/; classtype:trojan-activity;sid:84657419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.40.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794318/; classtype:trojan-activity;sid:84657418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.75.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794317/; classtype:trojan-activity;sid:84657417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794316)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; 
depth:20; isdataat:!1,relative; nocase; content:"quick-7.novalento.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794316/; classtype:trojan-activity;sid:84657416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.106.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794315/; classtype:trojan-activity;sid:84657415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794314)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"red-stone.novalento.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794314/; classtype:trojan-activity;sid:84657414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.164.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794313/; classtype:trojan-activity;sid:84657413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794312)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"softweb.silvaterra.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794312/; classtype:trojan-activity;sid:84657412; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.30.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794311/; classtype:trojan-activity;sid:84657411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794310)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"main-hub.silvaterra.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794310/; classtype:trojan-activity;sid:84657410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794309)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"urban-01.silvaterra.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794309/; classtype:trojan-activity;sid:84657409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794308)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"long-path.silvaterra.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794308/; classtype:trojan-activity;sid:84657408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794307)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; 
http_uri; depth:20; isdataat:!1,relative; nocase; content:"bestway.miravento.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794307/; classtype:trojan-activity;sid:84657407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.164.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794306/; classtype:trojan-activity;sid:84657406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.237.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794305/; classtype:trojan-activity;sid:84657405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794304)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"go-99.miravento.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794304/; classtype:trojan-activity;sid:84657404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794303)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"site-top.miravento.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794303/; 
classtype:trojan-activity;sid:84657403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794302)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"fresh-air.miravento.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794302/; classtype:trojan-activity;sid:84657402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794301)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7903503838/r3nzf65.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794301/; classtype:trojan-activity;sid:84657401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794300)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cool-11.lunavilla.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794300/; classtype:trojan-activity;sid:84657400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794299)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"starlink.lunavilla.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794299/; classtype:trojan-activity;sid:84657399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794298)"; flow:established,from_client; 
content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"gold-v5.lunavilla.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794298/; classtype:trojan-activity;sid:84657398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.68.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794297/; classtype:trojan-activity;sid:84657397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794296)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.213.240.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794296/; classtype:trojan-activity;sid:84657396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794295)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"deep-space.lunavilla.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794295/; classtype:trojan-activity;sid:84657395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794294)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.213.240.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, 
urlhaus.abuse.ch/url/3794294/; classtype:trojan-activity;sid:84657394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794288)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.213.240.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794288/; classtype:trojan-activity;sid:84657388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794289)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.213.240.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794289/; classtype:trojan-activity;sid:84657389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794290)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.213.240.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794290/; classtype:trojan-activity;sid:84657390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794291)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.213.240.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794291/; classtype:trojan-activity;sid:84657391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794292)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.213.240.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794292/; classtype:trojan-activity;sid:84657392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794293)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.213.240.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794293/; classtype:trojan-activity;sid:84657393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794286)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.213.240.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794286/; classtype:trojan-activity;sid:84657386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794287)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pspc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.213.240.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794287/; classtype:trojan-activity;sid:84657387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794285)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"newpoint.estrellis.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794285/; 
classtype:trojan-activity;sid:84657385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.68.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794284/; classtype:trojan-activity;sid:84657384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794283)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"just-up.estrellis.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794283/; classtype:trojan-activity;sid:84657383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.239.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794282/; classtype:trojan-activity;sid:84657382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.253.93.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794281/; classtype:trojan-activity;sid:84657381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; 
nocase; content:"38.137.250.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794280/; classtype:trojan-activity;sid:84657380; rev:1;)
# ---------------------------------------------------------------------------
# Reading the entries below (one rule per line):
#   - "alert http $HOME_NET any -> $EXTERNAL_NET any" with
#     flow:established,from_client inspects client requests that leave the
#     monitored network; $HOME_NET / $EXTERNAL_NET must be set for the sensor
#     or the direction filter is meaningless.
#   - content:"GET"; http_method restricts the rule to GET requests.
#   - The http_uri content carries depth:<n> plus isdataat:!1,relative (no
#     byte may follow the match). When depth equals the pattern length this
#     pins the whole URI; nocase makes that comparison case-insensitive.
#   - The http_host content is pinned the same way to one host name or IP.
#   - msg and reference:url carry the same URLhaus entry id; sid is distinct
#     per entry. metadata:created_at is presumably the listing date and is
#     the only field here usable for ageing entries out - confirm with the
#     feed documentation.
# Coverage limits a deployer should know:
#   - These are indicators for one reported host+URI pair, not payload
#     signatures: the host alone, or another path on it, is not matched.
#   - The http_* buffers exist only for parsed cleartext HTTP. A fetch of the
#     same URL over TLS is invisible to these rules unless traffic is
#     decrypted upstream of the sensor.
#   - In this span the URI /verification.google recurs under many subdomains
#     of estrellis, solariana, altovante, ventomaris, sightup and skyip
#     (.in.net). Each rule pins a single host name, so host names not listed
#     are not covered; a local hunting query on the shared URI, checked for
#     false positives before it alerts, would complement the feed.
#   - Bare-IP hosts are listed under /i, /bin.sh or both; each path is a
#     separate rule and a separate sid.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794279)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"pureland3.estrellis.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794279/; classtype:trojan-activity;sid:84657379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.129.200.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794278/; classtype:trojan-activity;sid:84657378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794277)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"wild-river.estrellis.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794277/; classtype:trojan-activity;sid:84657377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794276)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"fastcloud.solariana.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794276/; classtype:trojan-activity;sid:84657376; rev:1;)
# The two /files/<digits>/<name>.exe entries on 158.94.211.222 (this one and
# 3794265) each pin one full path; other files under /files/ on that host are
# outside both rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794275)"; flow:established,from_client; content:"GET"; http_method; content:"/files/2061374227/2hl1isg.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794275/; classtype:trojan-activity;sid:84657375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.253.93.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794274/; classtype:trojan-activity;sid:84657374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.239.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794273/; classtype:trojan-activity;sid:84657373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.235.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794272/; classtype:trojan-activity;sid:84657372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794271)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"clear-sky.solariana.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794271/; classtype:trojan-activity;sid:84657371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.97.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794270/; classtype:trojan-activity;sid:84657370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794269)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"bright-9.solariana.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794269/; classtype:trojan-activity;sid:84657369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.78.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794268/; classtype:trojan-activity;sid:84657368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.71.211"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794267/; classtype:trojan-activity;sid:84657367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.97.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794266/; classtype:trojan-activity;sid:84657366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794265)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7903503838/pgy75fu.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794265/; classtype:trojan-activity;sid:84657365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.126.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794264/; classtype:trojan-activity;sid:84657364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794263)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"easygo.altovante.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794263/; classtype:trojan-activity;sid:84657363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.129.200.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794262/; classtype:trojan-activity;sid:84657362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.225.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794261/; classtype:trojan-activity;sid:84657361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794260)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"top-line1.altovante.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794260/; classtype:trojan-activity;sid:84657360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794259)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"skydream.altovante.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794259/; classtype:trojan-activity;sid:84657359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794258)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"green-road.altovante.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794258/; classtype:trojan-activity;sid:84657358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.78.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794257/; classtype:trojan-activity;sid:84657357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.241.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794256/; classtype:trojan-activity;sid:84657356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.74.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794255/; classtype:trojan-activity;sid:84657355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794254)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"openview.ventomaris.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794254/; classtype:trojan-activity;sid:84657354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794253)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sun-88.ventomaris.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794253/; classtype:trojan-activity;sid:84657353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794252)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"quickpage.ventomaris.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794252/; classtype:trojan-activity;sid:84657352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794251)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"blue-forest7.ventomaris.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794251/; classtype:trojan-activity;sid:84657351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.181.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794250/; classtype:trojan-activity;sid:84657350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.198.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794249/; classtype:trojan-activity;sid:84657349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.165.253.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794248/; classtype:trojan-activity;sid:84657348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.181.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794247/; classtype:trojan-activity;sid:84657347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.241.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794246/; classtype:trojan-activity;sid:84657346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.127.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794245/; classtype:trojan-activity;sid:84657345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.165.253.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794244/; classtype:trojan-activity;sid:84657344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.118.189.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794243/; classtype:trojan-activity;sid:84657343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.74.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794242/; classtype:trojan-activity;sid:84657342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.74.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794241/; classtype:trojan-activity;sid:84657341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.118.189.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794240/; classtype:trojan-activity;sid:84657340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.134.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794239/; classtype:trojan-activity;sid:84657339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.109.242.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794238/; classtype:trojan-activity;sid:84657338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794237)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mer-forgea.sightup.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794237/; classtype:trojan-activity;sid:84657337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794236)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"refinewinter.sightup.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794236/; classtype:trojan-activity;sid:84657336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794235)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ultra-5tric.sightup.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794235/; classtype:trojan-activity;sid:84657335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.23.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794234/; classtype:trojan-activity;sid:84657334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.237.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794233/; classtype:trojan-activity;sid:84657333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.27.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794232/; classtype:trojan-activity;sid:84657332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.109.242.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794231/; classtype:trojan-activity;sid:84657331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.90.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794230/; classtype:trojan-activity;sid:84657330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.157.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794229/; classtype:trojan-activity;sid:84657329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.216.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794228/; classtype:trojan-activity;sid:84657328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.126.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794227/; classtype:trojan-activity;sid:84657327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.145.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794226/; classtype:trojan-activity;sid:84657326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.3.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794225/; classtype:trojan-activity;sid:84657324; rev:1;)
# Shared content platform: the host below serves unrelated third-party
# content, and the rule is scoped to this single path; do not widen it to
# the host.
# NOTE(review): such platforms are normally reached over HTTPS - confirm the
# sensor sees this traffic decrypted before relying on the rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794224)"; flow:established,from_client; content:"GET"; http_method; content:"/5/items/msi-pro-with/msi_pro_with.png"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"ia601609.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794224/; classtype:trojan-activity;sid:84657324; rev:1;)
# |3f| is the hex escape for "?", so the pattern is "/?filename=img_063210.png".
# NOTE(review): depth:28 equals the length of the escaped text, but the
# decoded pattern is 25 bytes. The match may therefore begin up to 3 bytes
# into the URI instead of being pinned at offset 0 as in the other entries;
# depth:25 would restore the exact match. The host is a public gateway
# subdomain; the HTTPS caveat above applies here too.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794223)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|filename=img_063210.png"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"bafybeibwz6lzwo6u5gkhp3ydl4te3hl3plfkypox6mnejssqwfrpdsmqoy.ipfs.dweb.link"; http_host; depth:74; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794223/; classtype:trojan-activity;sid:84657323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.145.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794221/; classtype:trojan-activity;sid:84657321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.27.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794222/; classtype:trojan-activity;sid:84657322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794220)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"metr1-hinge.skyip.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794220/; classtype:trojan-activity;sid:84657320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.157.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794219/; classtype:trojan-activity;sid:84657319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794218)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"uxcas7x8.skyip.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794218/; classtype:trojan-activity;sid:84657318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"38.52.142.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794217/; classtype:trojan-activity;sid:84657317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.141.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794216/; classtype:trojan-activity;sid:84657316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794215)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"thicketglobal.skyip.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794215/; classtype:trojan-activity;sid:84657315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.160.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794214/; classtype:trojan-activity;sid:84657314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.127.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794213/; classtype:trojan-activity;sid:84657313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.3.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794212/; classtype:trojan-activity;sid:84657312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794211)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"napc.skyip.in.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794211/; classtype:trojan-activity;sid:84657311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.52.142.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794210/; classtype:trojan-activity;sid:84657310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.67.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794209/; classtype:trojan-activity;sid:84657309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.255.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794208/; classtype:trojan-activity;sid:84657308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.226.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794207/; classtype:trojan-activity;sid:84657307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.98.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794206/; classtype:trojan-activity;sid:84657306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.193.123.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794205/; classtype:trojan-activity;sid:84657305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.88.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794204/; classtype:trojan-activity;sid:84657304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.113.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794203/; classtype:trojan-activity;sid:84657303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.255.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794202/; classtype:trojan-activity;sid:84657302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.98.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794201/; classtype:trojan-activity;sid:84657301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.160.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794200/; classtype:trojan-activity;sid:84657300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.193.123.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794199/; classtype:trojan-activity;sid:84657299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.70.100.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794198/; classtype:trojan-activity;sid:84657298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"136.60.32.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794197/; classtype:trojan-activity;sid:84657297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.184.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794196/; classtype:trojan-activity;sid:84657296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.27.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794195/; classtype:trojan-activity;sid:84657295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794194)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.141.26.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794194/; classtype:trojan-activity;sid:84657294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"136.60.32.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794193/; classtype:trojan-activity;sid:84657293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.83.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794192/; classtype:trojan-activity;sid:84657292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794191)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.242.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794191/; classtype:trojan-activity;sid:84657291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.70.100.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794190/; classtype:trojan-activity;sid:84657290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.73.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794189/; classtype:trojan-activity;sid:84657289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794188)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.27.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794188/; classtype:trojan-activity;sid:84657288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.192.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794187/; classtype:trojan-activity;sid:84657287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.116.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794186/; classtype:trojan-activity;sid:84657286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.116.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794185/; classtype:trojan-activity;sid:84657285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.83.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794184/; 
classtype:trojan-activity;sid:84657284; rev:1;)
# Reviewer notes for the rules that follow (URLhaus entries, metadata created_at 2026_03_11).
# Every rule here has the same shape: established client-side flow, method GET, one URI
# content and one Host content, each pinned with depth:<content length> and
# isdataat:!1,relative so that only the exact URI and exact Host value match.
# sid values follow the URLhaus id in msg/reference, which makes an alert easy to map back
# to its feed entry. Entries are not strictly in id order (3794178 precedes 3794179).
# All hosts in this stretch are bare IPv4 addresses; the same address frequently appears
# with both /i and /bin.sh, so group alerts by destination when triaging.
# NOTE(review): `alert http` presumably needs cleartext or decrypted HTTP - confirm sensor
# placement before treating silence as a clean result.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.221.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794183/; classtype:trojan-activity;sid:84657283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.73.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794182/; classtype:trojan-activity;sid:84657282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.192.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794181/; classtype:trojan-activity;sid:84657281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.242.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794180/; classtype:trojan-activity;sid:84657280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.221.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794178/; classtype:trojan-activity;sid:84657278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.161.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794179/; classtype:trojan-activity;sid:84657279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.238.189.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794177/; classtype:trojan-activity;sid:84657277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.247.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794176/; classtype:trojan-activity;sid:84657276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.135.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794175/; classtype:trojan-activity;sid:84657275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.161.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794174/; classtype:trojan-activity;sid:84657274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.238.189.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794173/; classtype:trojan-activity;sid:84657273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.40.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794172/; classtype:trojan-activity;sid:84657272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.40.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794171/; classtype:trojan-activity;sid:84657271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.177.99.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794170/; classtype:trojan-activity;sid:84657270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.153.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794169/; classtype:trojan-activity;sid:84657269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.151.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794168/; classtype:trojan-activity;sid:84657268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.40.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794167/; classtype:trojan-activity;sid:84657267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.93.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794166/; classtype:trojan-activity;sid:84657266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.153.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794165/; classtype:trojan-activity;sid:84657265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.233.244.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794164/; classtype:trojan-activity;sid:84657264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794163)"; flow:established,from_client; content:"GET"; http_method; content:"/dick.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.90.61.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794163/; classtype:trojan-activity;sid:84657263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.93.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794162/; classtype:trojan-activity;sid:84657262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.134.254.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794161/; classtype:trojan-activity;sid:84657261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected
(3794160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.74.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794160/; classtype:trojan-activity;sid:84657260; rev:1;)
# Reviewer notes for the rules that follow (URLhaus entries, metadata created_at 2026_03_11).
# Each rule fires on an established client-side HTTP GET from $HOME_NET to $EXTERNAL_NET
# whose URI and Host both equal the listed values; depth:<content length> together with
# isdataat:!1,relative makes each content an exact, whole-buffer match.
# This stretch mixes bare-IPv4 hosts (/i, /bin.sh) with named hosts. Several named hosts
# share the URI /verification.google under in.net subdomains (fastlog, checksum, whitelist).
# Each of those rules pins one full hostname, so a sibling subdomain that is not listed
# produces no alert; review DNS/proxy logs for the parent domains when one of them fires.
# NOTE(review): `alert http` presumably needs cleartext or decrypted HTTP - confirm for
# your sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.71.131.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794159/; classtype:trojan-activity;sid:84657259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794158)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"fjnghv.fastlog.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794158/; classtype:trojan-activity;sid:84657258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.26.227.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794157/; classtype:trojan-activity;sid:84657257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.27.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794156/; classtype:trojan-activity;sid:84657256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794155)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"gate-gri.fastlog.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794155/; classtype:trojan-activity;sid:84657255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.86.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794154/; classtype:trojan-activity;sid:84657254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.80.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794153/; classtype:trojan-activity;sid:84657253; rev:1;)
# The URI below is /curl/ followed by 64 hexadecimal characters (depth:70 covers the whole
# path). NOTE(review): what that segment identifies is not stated here - see the reference.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794152)"; flow:established,from_client; content:"GET"; http_method; content:"/curl/62724e7a17370145626f76d82d7da73c6925fd1aaeca39d7414f057e92001aad"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"woupp.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794152/; classtype:trojan-activity;sid:84657252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.29.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794151/; classtype:trojan-activity;sid:84657251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794150)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7453936223/kaq8pq5.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794150/; classtype:trojan-activity;sid:84657250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.29.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794149/; classtype:trojan-activity;sid:84657249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.86.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794148/; classtype:trojan-activity;sid:84657248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.80.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794147/; classtype:trojan-activity;sid:84657247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.74.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794146/; classtype:trojan-activity;sid:84657246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794145)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iondawn.checksum.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794145/; classtype:trojan-activity;sid:84657245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.103.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794144/; classtype:trojan-activity;sid:84657244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794143)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"n4rro5-panel.checksum.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794143/; classtype:trojan-activity;sid:84657243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794142)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"civilsandbo.whitelist.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794142/; classtype:trojan-activity;sid:84657242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.103.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794141/; classtype:trojan-activity;sid:84657241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794140)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"root3-layer.whitelist.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794140/; classtype:trojan-activity;sid:84657240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.195.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794139/; classtype:trojan-activity;sid:84657239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.103.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794138/;
classtype:trojan-activity;sid:84657238; rev:1;)
# Reviewer notes for the rules that follow (URLhaus entries, metadata created_at 2026_03_11).
# Each rule fires on an established client-side HTTP GET from $HOME_NET to $EXTERNAL_NET
# whose URI and Host both equal the listed values; depth:<content length> together with
# isdataat:!1,relative makes each content an exact, whole-buffer match.
# Most named hosts here share the URI /verification.google under in.net subdomains
# (whitelist, bestlog, backlog, logcheck); each rule pins one full hostname, so unlisted
# sibling subdomains are not covered by these signatures.
# Four rules match PowerShell script names (*.ps1) on otherwise unrelated hostnames.
# NOTE(review): `alert http` presumably needs cleartext or decrypted HTTP - confirm for
# your sensor, in particular for the rule whose Host is archive.org.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794137)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ukixhx.whitelist.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794137/; classtype:trojan-activity;sid:84657237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794136)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"zrvkmhps.bestlog.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794136/; classtype:trojan-activity;sid:84657236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794135)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ch3ck-spark.bestlog.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794135/; classtype:trojan-activity;sid:84657235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.103.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794134/; classtype:trojan-activity;sid:84657234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794133)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"uth9.bestlog.in.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794133/; classtype:trojan-activity;sid:84657233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794132)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"gran-pra.bestlog.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794132/; classtype:trojan-activity;sid:84657232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794131)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ri4w.backlog.in.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794131/; classtype:trojan-activity;sid:84657231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794130)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"parsegri.backlog.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794130/; classtype:trojan-activity;sid:84657230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.234.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794129/; classtype:trojan-activity;sid:84657229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794128)"; flow:established,from_client; content:"GET"; http_method; content:"/32tyughwjkem/encrypt.ps1"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"rewardhunt.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794128/; classtype:trojan-activity;sid:84657228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794127)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hw94h.backlog.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794127/; classtype:trojan-activity;sid:84657227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.233.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794126/; classtype:trojan-activity;sid:84657225; rev:1;)
# Host below is archive.org; the rule is scoped to this one path, which has a .png
# extension although the feed lists it as a malware download. Consult the reference during
# triage and do not generalise the alert to the whole host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794125)"; flow:established,from_client; content:"GET"; http_method; content:"/download/optimized_msi_20260309/optimized_msi.png"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"archive.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794125/; classtype:trojan-activity;sid:84657225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794124)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"9rfio.backlog.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794124/; classtype:trojan-activity;sid:84657224; rev:1;)
# URI content below is the single character "/" with depth:1, so only a request for the
# site root on this host matches.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794123)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"photo-id5631894.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794123/; classtype:trojan-activity;sid:84657223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794122)"; flow:established,from_client; content:"GET"; http_method; content:"/encrytpt.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"blue-oceans.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794122/; classtype:trojan-activity;sid:84657222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794121)"; flow:established,from_client; content:"GET"; http_method; content:"/encryptss.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"casadoserralheirosaocarlos.com.br"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794121/; classtype:trojan-activity;sid:84657221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794120)"; flow:established,from_client; content:"GET"; http_method; content:"/encrypt.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"sixmexicos.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794120/; classtype:trojan-activity;sid:84657220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794119)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"flowpassive.logcheck.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794119/; classtype:trojan-activity;sid:84657219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.53.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794118/; classtype:trojan-activity;sid:84657218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.234.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794117/; classtype:trojan-activity;sid:84657217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794116)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iqkd.logcheck.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794116/; classtype:trojan-activity;sid:84657216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794115)"; flow:established,from_client;
content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"neo-tru3.logcheck.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794115/; classtype:trojan-activity;sid:84657215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.146.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794114/; classtype:trojan-activity;sid:84657214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.121.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794113/; classtype:trojan-activity;sid:84657213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.2.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794111/; classtype:trojan-activity;sid:84657211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.30.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794112/; 
classtype:trojan-activity;sid:84657212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794110)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/jefopmg.txt"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"greenfields-world.cc"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794110/; classtype:trojan-activity;sid:84657210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794109)"; flow:established,from_client; content:"GET"; http_method; content:"/download/direct/793ff904-1286-4d9d-b4be-4c6c46e867f0/231_20260311.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"file-eu-gra-1.gofile.io"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794109/; classtype:trojan-activity;sid:84657209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794107)"; flow:established,from_client; content:"GET"; http_method; content:"/ksnapd0"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"109.236.48.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794107/; classtype:trojan-activity;sid:84657207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794108)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"rkxv.keysum.in.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794108/; classtype:trojan-activity;sid:84657208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794104)"; 
flow:established,from_client; content:"GET"; http_method; content:"/asyncdecenimg_050306.png"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"compimento.ba"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794104/; classtype:trojan-activity;sid:84657204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794105)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"modern8-signal.logcheck.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794105/; classtype:trojan-activity;sid:84657205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794106)"; flow:established,from_client; content:"GET"; http_method; content:"/favicon.ico"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188.137.224.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794106/; classtype:trojan-activity;sid:84657206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794103)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"genefrost.keysum.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794103/; classtype:trojan-activity;sid:84657203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794101)"; flow:established,from_client; content:"GET"; http_method; content:"/1.rar"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"wire2spell.com"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794101/; classtype:trojan-activity;sid:84657201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794102)"; flow:established,from_client; content:"GET"; http_method; content:"/download/android%e7%89%88.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"spjx-1k1.pages.dev"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794102/; classtype:trojan-activity;sid:84657202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794099)"; flow:established,from_client; content:"GET"; http_method; content:"/kswapd1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"109.236.48.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794099/; classtype:trojan-activity;sid:84657199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794100)"; flow:established,from_client; content:"GET"; http_method; content:"/vredisd0"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"109.236.48.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794100/; classtype:trojan-activity;sid:84657200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794097)"; flow:established,from_client; content:"GET"; http_method; content:"/ethd0"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"109.236.48.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794097/; classtype:trojan-activity;sid:84657197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794098)"; 
flow:established,from_client; content:"GET"; http_method; content:"/kvmirqd"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"109.236.48.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794098/; classtype:trojan-activity;sid:84657198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794085)"; flow:established,from_client; content:"GET"; http_method; content:"/sp-ankki-pankki/spankki.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"guillaumerobin.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794085/; classtype:trojan-activity;sid:84657185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794086)"; flow:established,from_client; content:"GET"; http_method; content:"/kpsmoused0"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"109.236.48.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794086/; classtype:trojan-activity;sid:84657186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794087)"; flow:established,from_client; content:"GET"; http_method; content:"/devfreqd0"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.236.48.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794087/; classtype:trojan-activity;sid:84657187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794088)"; flow:established,from_client; content:"GET"; http_method; content:"/ttmswapd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"109.236.48.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, 
urlhaus.abuse.ch/url/3794088/; classtype:trojan-activity;sid:84657188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794089)"; flow:established,from_client; content:"GET"; http_method; content:"/biosd0"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.236.48.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794089/; classtype:trojan-activity;sid:84657189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794090)"; flow:established,from_client; content:"GET"; http_method; content:"/deferwqd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"109.236.48.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794090/; classtype:trojan-activity;sid:84657190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794091)"; flow:established,from_client; content:"GET"; http_method; content:"/mdsync1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"109.236.48.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794091/; classtype:trojan-activity;sid:84657191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794092)"; flow:established,from_client; content:"GET"; http_method; content:"/kintegrity0"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"109.236.48.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794092/; classtype:trojan-activity;sid:84657192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794093)"; flow:established,from_client; content:"GET"; http_method; content:"/kworkerd0"; 
http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.236.48.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794093/; classtype:trojan-activity;sid:84657193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794094)"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress%202026.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"pole-rt-inger.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794094/; classtype:trojan-activity;sid:84657194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794095)"; flow:established,from_client; content:"GET"; http_method; content:"/ip6addrd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"109.236.48.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794095/; classtype:trojan-activity;sid:84657195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794096)"; flow:established,from_client; content:"GET"; http_method; content:"/789.ps1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"6.ddns.me"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794096/; classtype:trojan-activity;sid:84657196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794079)"; flow:established,from_client; content:"GET"; http_method; content:"/static/setup/autocad_v1.4.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"cad.659t.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794079/; classtype:trojan-activity;sid:84657179; rev:1;) 
# Reading the rules in this run:
#  - Each rule alerts on an established, client-side HTTP flow from $HOME_NET to
#    $EXTERNAL_NET whose method is GET.
#  - The first content/depth pair is tied to http_uri and the second to http_host.
#    In both, depth equals the pattern length and isdataat:!1,relative requires that
#    no byte follows, so each buffer has to equal the listed value exactly.
#    nocase follows the URI pattern.
#  - The number in msg is the URLhaus entry id and reappears in the reference URL;
#    metadata:created_at is the date the rule was generated.
#  - The rules on this line all name the host guillaumerobin.com and differ only in the
#    directory placed before /spankki.zip. For triage, pivot on the Host value: a fetch
#    from the same host under a path not listed here would not raise any of these alerts.
# NOTE(review): these are `alert http` rules, so they can only fire on HTTP the sensor
#   sees in clear text; the same URL fetched over TLS is presumably invisible without
#   upstream decryption -- confirm against the sensor placement.
# NOTE(review): a match shows that a GET for the URL was sent, not that a payload was
#   returned or executed; check the response and the endpoint before escalating.
# NOTE(review): rules in this copy wrap across physical lines (the last rule below
#   continues on the next line) with no continuation marker. This looks like an
#   extraction artefact; load the ruleset from the feed itself rather than from this text.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794080)"; flow:established,from_client; content:"GET"; http_method; content:"/spankki-suomi/spankki.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"guillaumerobin.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794080/; classtype:trojan-activity;sid:84657180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794081)"; flow:established,from_client; content:"GET"; http_method; content:"/smobillispankki/spankki.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"guillaumerobin.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794081/; classtype:trojan-activity;sid:84657181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794082)"; flow:established,from_client; content:"GET"; http_method; content:"/spankki-zi/spankki.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"guillaumerobin.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794082/; classtype:trojan-activity;sid:84657182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794083)"; flow:established,from_client; content:"GET"; http_method; content:"/pankki2026/spankki.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"guillaumerobin.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794083/; classtype:trojan-activity;sid:84657183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794084)"; flow:established,from_client; content:"GET"; http_method; 
content:"/2026-pankki/spankki.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"guillaumerobin.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794084/; classtype:trojan-activity;sid:84657184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.23.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794078/; classtype:trojan-activity;sid:84657178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.146.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794077/; classtype:trojan-activity;sid:84657177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.3.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794076/; classtype:trojan-activity;sid:84657176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794075)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tr4c-craft.keysum.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794075/; 
classtype:trojan-activity;sid:84657175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794074)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"8uasm.keysum.in.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794074/; classtype:trojan-activity;sid:84657174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794073)"; flow:established,from_client; content:"GET"; http_method; content:"/otigfght/mprgioi.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"valfanto.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794073/; classtype:trojan-activity;sid:84657173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794072)"; flow:established,from_client; content:"GET"; http_method; content:"/we/qaqqqqq.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.240.55.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794072/; classtype:trojan-activity;sid:84657172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794071)"; flow:established,from_client; content:"GET"; http_method; content:"/we/secured.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.240.55.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794071/; classtype:trojan-activity;sid:84657171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794070)"; flow:established,from_client; content:"GET"; http_method; 
content:"/we/goodies.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.240.55.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794070/; classtype:trojan-activity;sid:84657170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794068)"; flow:established,from_client; content:"GET"; http_method; content:"/we/iye.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"38.240.55.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794068/; classtype:trojan-activity;sid:84657168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794069)"; flow:established,from_client; content:"GET"; http_method; content:"/we/secure.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"38.240.55.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794069/; classtype:trojan-activity;sid:84657169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794067)"; flow:established,from_client; content:"GET"; http_method; content:"/we/airr.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"38.240.55.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794067/; classtype:trojan-activity;sid:84657167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794063)"; flow:established,from_client; content:"GET"; http_method; content:"/we/cclass.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"38.240.55.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794063/; classtype:trojan-activity;sid:84657163; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794064)"; flow:established,from_client; content:"GET"; http_method; content:"/we/encrypt.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.240.55.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794064/; classtype:trojan-activity;sid:84657164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794065)"; flow:established,from_client; content:"GET"; http_method; content:"/we/nightclass.ps1"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"38.240.55.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794065/; classtype:trojan-activity;sid:84657165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794066)"; flow:established,from_client; content:"GET"; http_method; content:"/we/bin.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"38.240.55.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794066/; classtype:trojan-activity;sid:84657166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794062)"; flow:established,from_client; content:"GET"; http_method; content:"/we/airgood.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.240.55.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794062/; classtype:trojan-activity;sid:84657162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794061)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; 
content:"5wif5-leaf.testload.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794061/; classtype:trojan-activity;sid:84657161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.176.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794060/; classtype:trojan-activity;sid:84657160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794059)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"crat-mas.testload.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794059/; classtype:trojan-activity;sid:84657159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794058)"; flow:established,from_client; content:"GET"; http_method; content:"/web/encrypt1.ps1"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.210.186.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794058/; classtype:trojan-activity;sid:84657158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794057)"; flow:established,from_client; content:"GET"; http_method; content:"/web/encrypt.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"192.210.186.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794057/; classtype:trojan-activity;sid:84657157; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794056)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"jvrkh.testload.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794056/; classtype:trojan-activity;sid:84657156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.221.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794054/; classtype:trojan-activity;sid:84657154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.2.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794055/; classtype:trojan-activity;sid:84657155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.149.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794053/; classtype:trojan-activity;sid:84657153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794052)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"audiosolar.testload.in.net"; http_host; 
depth:26; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794052/; classtype:trojan-activity;sid:84657152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794051)"; flow:established,from_client; content:"GET"; http_method; content:"/220/seethebesttimeforeverythingtolearn.js"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"96.44.159.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794051/; classtype:trojan-activity;sid:84657151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.233.244.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794050/; classtype:trojan-activity;sid:84657150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.174.242.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794049/; classtype:trojan-activity;sid:84657149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794047)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"194.156.102.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794047/; classtype:trojan-activity;sid:84657147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3794048)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr."; http_uri; depth:14; isdataat:!1,relative; nocase; content:"192.109.200.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794048/; classtype:trojan-activity;sid:84657148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.186.239.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794046/; classtype:trojan-activity;sid:84657146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794045)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/dvr1.sh"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.225.187.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794045/; classtype:trojan-activity;sid:84657145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794043)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsle"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.148.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794043/; classtype:trojan-activity;sid:84657143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794044)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"2.192.102.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; 
reference:url, urlhaus.abuse.ch/url/3794044/; classtype:trojan-activity;sid:84657144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.14.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794042/; classtype:trojan-activity;sid:84657142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794041)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"crestrai.backtest.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794041/; classtype:trojan-activity;sid:84657141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.149.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794040/; classtype:trojan-activity;sid:84657140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794039)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"inv0ic-line.backtest.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794039/; classtype:trojan-activity;sid:84657139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794038)"; flow:established,from_client; 
content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.212.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794038/; classtype:trojan-activity;sid:84657138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.176.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794037/; classtype:trojan-activity;sid:84657137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.186.239.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794036/; classtype:trojan-activity;sid:84657136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794035)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"lumvenos.backtest.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794035/; classtype:trojan-activity;sid:84657135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.174.242.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794034/; 
classtype:trojan-activity;sid:84657134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794033)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"bridg3-scope.backtest.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794033/; classtype:trojan-activity;sid:84657133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.14.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794032/; classtype:trojan-activity;sid:84657132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794031)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"alt-un1oad.lockoak.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794031/; classtype:trojan-activity;sid:84657131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.131.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794030/; classtype:trojan-activity;sid:84657130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.212.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794029/; classtype:trojan-activity;sid:84657129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.255.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794028/; classtype:trojan-activity;sid:84657128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.23.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794027/; classtype:trojan-activity;sid:84657127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794026)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"nwul2j.lockoak.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794026/; classtype:trojan-activity;sid:84657126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.20.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794025/; classtype:trojan-activity;sid:84657125; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794024)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"biiev.lockoak.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794024/; classtype:trojan-activity;sid:84657124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794023)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"timb-point.lockoak.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794023/; classtype:trojan-activity;sid:84657123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.23.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794022/; classtype:trojan-activity;sid:84657122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.141.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794021/; classtype:trojan-activity;sid:84657121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794020)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; 
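content:"fast-web.luminos.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794020/; classtype:trojan-activity;sid:84657120; rev:1;)
# NOTE(review): depth for sid 84657119 corrected from 53 to 38. The http_uri pattern is
# 53 characters as written but decodes to 38 bytes (each |xx| escape is a single byte),
# and depth counts decoded bytes. Together with isdataat:!1,relative, depth:53 allowed the
# pattern to begin up to 15 bytes into the URI instead of pinning it to the whole URI the
# way the other rules in this file do.
# NOTE(review): |7c|26|7c| decodes to the literal text "|26|", which looks like an
# already hex-escaped "&" whose pipes were escaped a second time. If the listed URL has
# "&&" at this position, this rule will not match it; confirm against
# urlhaus.abuse.ch/url/3794019/ and regenerate the content (and its depth) if so.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794019)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=eeufqrxjlrufwdgv"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"5yjbyh7h.legalspeckle.digital"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794019/; classtype:trojan-activity;sid:84657119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794018)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"gold-day.luminos.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794018/; classtype:trojan-activity;sid:84657118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794017)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"space-hub.luminos.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794017/; classtype:trojan-activity;sid:84657117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.115.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794016/; 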
classtype:trojan-activity;sid:84657116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794015)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"night-0.luminos.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794015/; classtype:trojan-activity;sid:84657115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.158.162.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794014/; classtype:trojan-activity;sid:84657114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.188.135.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794013/; classtype:trojan-activity;sid:84657113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794012)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"all-stars.velante.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794012/; classtype:trojan-activity;sid:84657112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"123.10.6.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794011/; classtype:trojan-activity;sid:84657111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794010)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"point-v.velante.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794010/; classtype:trojan-activity;sid:84657110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.26.202.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794009/; classtype:trojan-activity;sid:84657109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.193.107.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794008/; classtype:trojan-activity;sid:84657108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.74.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794007/; classtype:trojan-activity;sid:84657107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3794006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.74.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794006/; classtype:trojan-activity;sid:84657106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.188.135.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794005/; classtype:trojan-activity;sid:84657105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.151.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794004/; classtype:trojan-activity;sid:84657104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794003)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"up-down.velante.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794003/; classtype:trojan-activity;sid:84657103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.20.21"; http_host; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794002/; classtype:trojan-activity;sid:84657102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.185.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794000/; classtype:trojan-activity;sid:84657100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.96.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794001/; classtype:trojan-activity;sid:84657101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.232.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793999/; classtype:trojan-activity;sid:84657099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.158.162.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793998/; classtype:trojan-activity;sid:84657098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793997)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.185.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793997/; classtype:trojan-activity;sid:84657097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.26.202.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793996/; classtype:trojan-activity;sid:84657096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793995)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"soft-touch.velante.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793995/; classtype:trojan-activity;sid:84657095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.193.107.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793994/; classtype:trojan-activity;sid:84657094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.6.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793993/; classtype:trojan-activity;sid:84657093; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793992)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"free-99.silvura.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793992/; classtype:trojan-activity;sid:84657092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.232.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793991/; classtype:trojan-activity;sid:84657091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.118.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793990/; classtype:trojan-activity;sid:84657090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.0.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793989/; classtype:trojan-activity;sid:84657089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793988)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; 
content:"land-site.silvura.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793988/; classtype:trojan-activity;sid:84657088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.183.55.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793987/; classtype:trojan-activity;sid:84657087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.38.93.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793986/; classtype:trojan-activity;sid:84657086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793985)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"quick-go.silvura.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793985/; classtype:trojan-activity;sid:84657085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.96.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793984/; classtype:trojan-activity;sid:84657084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3793983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.251.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793983/; classtype:trojan-activity;sid:84657083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793982)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"small-hub.silvura.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793982/; classtype:trojan-activity;sid:84657082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.116.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793980/; classtype:trojan-activity;sid:84657080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.215.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793981/; classtype:trojan-activity;sid:84657081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.116.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 
2026_03_11; reference:url, urlhaus.abuse.ch/url/3793979/; classtype:trojan-activity;sid:84657079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.172.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793978/; classtype:trojan-activity;sid:84657078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793977)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"deep-sea.estoria.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793977/; classtype:trojan-activity;sid:84657077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.56.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793976/; classtype:trojan-activity;sid:84657076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.19.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793974/; classtype:trojan-activity;sid:84657074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793975)"; flow:established,from_client; content:"GET"; http_method; 
content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.33.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793975/; classtype:trojan-activity;sid:84657075; rev:1;)
# ---------------------------------------------------------------------------
# Reviewer notes for the entries below (restored to one rule per line; every
# rule uses the same template and differs only in URLhaus id, path, host, sid):
#   * Match logic: a client-to-server GET on an established flow where the
#     http_uri buffer equals the listed path and the http_host buffer equals
#     the listed host. Each `depth:N` equals its pattern length and
#     `isdataat:!1,relative` requires that no byte follows the match, so both
#     are whole-buffer matches rather than substring matches.
#   * `nocase` is written after the http_uri content, so it presumably relaxes
#     case on the path only - confirm against the engine in use.
#   * Coverage: `alert http` inspects cleartext HTTP only, and the action is
#     `alert`, so nothing is blocked unless the action is changed or the hosts
#     are also fed to a proxy / DNS / firewall blocklist.
#   * These are exact URL indicators dated created_at 2026_03_11. A hit
#     identifies a $HOME_NET client requesting a URL that URLhaus listed as a
#     malware download; absence of hits does not show that clients are clean.
#     Pair with behavioural detections and keep the feed refreshed so retired
#     indicators age out.
#   * Several hosts recur with different paths (for example 94.156.152.233
#     under /bins/ and the *.in.net names under /verification.google), so
#     correlate alerts by destination host as well as by sid.
#   * NOTE(review): http_host is used as a content modifier; verify that the
#     Snort or Suricata version in use accepts it before loading the file.
#   * sids below run from 84656984 to 84657073; check for collisions with
#     locally assigned sids.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.38.93.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793973/; classtype:trojan-activity;sid:84657073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.172.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793972/; classtype:trojan-activity;sid:84657072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.73.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793971/; classtype:trojan-activity;sid:84657071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.251.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793970/; classtype:trojan-activity;sid:84657070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793969)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sunny9.estoria.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793969/; classtype:trojan-activity;sid:84657069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.215.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793968/; classtype:trojan-activity;sid:84657068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.56.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793965/; classtype:trojan-activity;sid:84657065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.69.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793966/; classtype:trojan-activity;sid:84657066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793967)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"new-place.estoria.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793967/; classtype:trojan-activity;sid:84657067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.118.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793964/; classtype:trojan-activity;sid:84657064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793963)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"wild-cat.estoria.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793963/; classtype:trojan-activity;sid:84657063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.71.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793962/; classtype:trojan-activity;sid:84657062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.181.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793961/; classtype:trojan-activity;sid:84657061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.19.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793960/; classtype:trojan-activity;sid:84657060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793959)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"start01.alverto.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793959/; classtype:trojan-activity;sid:84657059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.181.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793958/; classtype:trojan-activity;sid:84657058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793957)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"top-map.alverto.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793957/; classtype:trojan-activity;sid:84657057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.243.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793956/; classtype:trojan-activity;sid:84657056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.71.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793955/; classtype:trojan-activity;sid:84657055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793954)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"easy-fix.alverto.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793954/; classtype:trojan-activity;sid:84657054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.243.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793953/; classtype:trojan-activity;sid:84657053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793952)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"long-way.alverto.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793952/; classtype:trojan-activity;sid:84657052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.224.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793951/; classtype:trojan-activity;sid:84657051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.33.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793950/; classtype:trojan-activity;sid:84657050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.224.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793949/; classtype:trojan-activity;sid:84657049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793948)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"super-day.novalis.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793948/; classtype:trojan-activity;sid:84657048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.198.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793947/; classtype:trojan-activity;sid:84657047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.8.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793946/; classtype:trojan-activity;sid:84657046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793945)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"best7.novalis.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793945/; classtype:trojan-activity;sid:84657045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.175.184.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793944/; classtype:trojan-activity;sid:84657044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.243.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793943/; classtype:trojan-activity;sid:84657043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.229.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793942/; classtype:trojan-activity;sid:84657042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.141.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793941/; classtype:trojan-activity;sid:84657041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.4.74.65"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793940/; classtype:trojan-activity;sid:84657040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.187.179.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793939/; classtype:trojan-activity;sid:84657039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.141.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793938/; classtype:trojan-activity;sid:84657038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.7.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793937/; classtype:trojan-activity;sid:84657037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793936)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"only-one.novalis.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793936/; classtype:trojan-activity;sid:84657036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.160.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793933/; classtype:trojan-activity;sid:84657033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.160.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793934/; classtype:trojan-activity;sid:84657034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.67.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793935/; classtype:trojan-activity;sid:84657035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.187.179.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793932/; classtype:trojan-activity;sid:84657032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.1.51"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793931/; classtype:trojan-activity;sid:84657031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793930)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"bright-up.novalis.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793930/; classtype:trojan-activity;sid:84657030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793929)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hot-line.mirante.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793929/; classtype:trojan-activity;sid:84657029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.4.74.65"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793928/; classtype:trojan-activity;sid:84657028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.56.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793927/; classtype:trojan-activity;sid:84657027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793926)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"clear-sky.mirante.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793926/; classtype:trojan-activity;sid:84657026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793925)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"simpleweb.mirante.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793925/; classtype:trojan-activity;sid:84657025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793924)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dream-12.mirante.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793924/; classtype:trojan-activity;sid:84657024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.7.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793923/; classtype:trojan-activity;sid:84657023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793922)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"nextstep.solenta.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793922/; classtype:trojan-activity;sid:84657022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.66.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793921/; classtype:trojan-activity;sid:84657021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793920)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"old-3.solenta.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793920/; classtype:trojan-activity;sid:84657020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793919)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"big-city.solenta.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793919/; classtype:trojan-activity;sid:84657019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793918)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/o.xml"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793918/; classtype:trojan-activity;sid:84657018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793917)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8317147124/ugy77d4.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793917/; classtype:trojan-activity;sid:84657017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793916)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"coolstory.solenta.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793916/; classtype:trojan-activity;sid:84657016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793915)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"just-do.valora.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793915/; classtype:trojan-activity;sid:84657015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793914)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8317147124/kr7cptq.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793914/; classtype:trojan-activity;sid:84657014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793913)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"green-land.valora.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793913/; classtype:trojan-activity;sid:84657013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.129.128.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793912/; classtype:trojan-activity;sid:84657012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.66.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793911/; classtype:trojan-activity;sid:84657011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793910)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"top88.valora.in.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793910/; classtype:trojan-activity;sid:84657010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793909)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/run.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.152.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793909/; classtype:trojan-activity;sid:84657009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793908)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"lucky-point.valora.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793908/; classtype:trojan-activity;sid:84657008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.131.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793907/; classtype:trojan-activity;sid:84657007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.133.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793906/; classtype:trojan-activity;sid:84657006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793905)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"myfolder.eluvia.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793905/; classtype:trojan-activity;sid:84657005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793904)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793904/; classtype:trojan-activity;sid:84657004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793902)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793902/; classtype:trojan-activity;sid:84657002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793903)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793903/; classtype:trojan-activity;sid:84657003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793901)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793901/; classtype:trojan-activity;sid:84657001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793899)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793899/; classtype:trojan-activity;sid:84656999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793900)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793900/; classtype:trojan-activity;sid:84657000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793898)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pspc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793898/; classtype:trojan-activity;sid:84656998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793894)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793894/; classtype:trojan-activity;sid:84656994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793895)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793895/; classtype:trojan-activity;sid:84656995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793896)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793896/; classtype:trojan-activity;sid:84656996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793897)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793897/; classtype:trojan-activity;sid:84656997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793893)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"fast-9.eluvia.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793893/; classtype:trojan-activity;sid:84656993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.61.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793892/; classtype:trojan-activity;sid:84656992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793891)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"openview.eluvia.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793891/; classtype:trojan-activity;sid:84656991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.249.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793890/; classtype:trojan-activity;sid:84656990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793889)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"blue-sky4.eluvia.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793889/; classtype:trojan-activity;sid:84656989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.133.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793888/; classtype:trojan-activity;sid:84656988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.229.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793887/; classtype:trojan-activity;sid:84656987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.97.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793886/; classtype:trojan-activity;sid:84656986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793885)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vw-8.weldoxis.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793885/; classtype:trojan-activity;sid:84656985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793884)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"st-4.weldoxis.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793884/; classtype:trojan-activity;sid:84656984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.177.98.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; 
reference:url, urlhaus.abuse.ch/url/3793883/; classtype:trojan-activity;sid:84656983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793882)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"qr-2.weldoxis.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793882/; classtype:trojan-activity;sid:84656982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793881)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mx-9.weldoxis.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793881/; classtype:trojan-activity;sid:84656981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.97.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793880/; classtype:trojan-activity;sid:84656980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.133.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793879/; classtype:trojan-activity;sid:84656979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793878)"; flow:established,from_client; content:"GET"; 
http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"l0t05.exoruby.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793878/; classtype:trojan-activity;sid:84656978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.59.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793877/; classtype:trojan-activity;sid:84656977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.6.168.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793876/; classtype:trojan-activity;sid:84656976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793875)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"k7r11.exoruby.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793875/; classtype:trojan-activity;sid:84656975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.53.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793874/; 
classtype:trojan-activity;sid:84656974; rev:1;)
# URLhaus download-URL signatures: every rule below alerts on an outbound HTTP GET
# whose URI (http_uri) and Host (http_host) both match one URLhaus entry; the
# entry id appears in msg and in reference:url.
# Triage hint: several destinations in this run carry two rules, one for "/i" and
# one for "/bin.sh" (for example 125.44.211.113 and 110.38.192.30), so alerts
# from different sids can point at the same host and are best grouped by
# destination. metadata:created_at changes from 2026_03_11 to 2026_03_10 inside
# this run; it records when the entry was created, not whether the URL is still
# serving content.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793873)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"j1m44.exoruby.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793873/; classtype:trojan-activity;sid:84656973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793872)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"h9v22.exoruby.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793872/; classtype:trojan-activity;sid:84656972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.216.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3793871/; classtype:trojan-activity;sid:84656971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.6.168.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793870/; classtype:trojan-activity;sid:84656970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.133.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793869/; classtype:trojan-activity;sid:84656969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.177.98.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793868/; classtype:trojan-activity;sid:84656968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.211.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793867/; classtype:trojan-activity;sid:84656967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793866)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"88-m02.bryzand.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793866/; classtype:trojan-activity;sid:84656966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.61.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793865/; classtype:trojan-activity;sid:84656965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793864)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"55-j30.bryzand.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793864/; classtype:trojan-activity;sid:84656964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.212.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793863/; classtype:trojan-activity;sid:84656963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.219.4.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793862/; classtype:trojan-activity;sid:84656962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793861)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"11-k44.bryzand.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793861/; classtype:trojan-activity;sid:84656961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.189.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793860/; classtype:trojan-activity;sid:84656960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.232.15.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793859/; classtype:trojan-activity;sid:84656959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793858)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"99-f21.bryzand.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793858/; classtype:trojan-activity;sid:84656958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.211.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793856/; classtype:trojan-activity;sid:84656956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.108.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793857/; classtype:trojan-activity;sid:84656957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.192.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793855/; classtype:trojan-activity;sid:84656955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.127.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793854/; classtype:trojan-activity;sid:84656954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.87.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793853/; classtype:trojan-activity;sid:84656953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.192.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793852/; classtype:trojan-activity;sid:84656952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.91.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793851/; classtype:trojan-activity;sid:84656951; rev:1;)
alert http
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.87.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793850/; classtype:trojan-activity;sid:84656950; rev:1;)
# URLhaus download-URL signatures, one per reported URL: an alert requires an
# outbound HTTP GET whose URI and Host each match the rule's two content patterns.
# Coverage caveats for whoever deploys these:
#  - "alert http" rules are evaluated only on traffic the engine parses as HTTP;
#    the same URL fetched over TLS is not visible to them without decryption.
#  - Host matching is literal. The /verification.google entries below enumerate
#    individual labels under moxitron.in.net and jelvax.in.net, so a label that
#    is not listed produces no alert.
#  - IP-literal hosts are point-in-time indicators; check created_at and the
#    referenced URLhaus entry before treating a hit as current activity.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.108.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793849/; classtype:trojan-activity;sid:84656949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793848)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/4qrxrgo.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793848/; classtype:trojan-activity;sid:84656948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.189.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793847/; classtype:trojan-activity;sid:84656947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.235.139.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793846/; classtype:trojan-activity;sid:84656946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.90.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793845/; classtype:trojan-activity;sid:84656945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.15.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793844/; classtype:trojan-activity;sid:84656944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.27.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793843/; classtype:trojan-activity;sid:84656943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793842)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dv-77k.moxitron.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793842/; classtype:trojan-activity;sid:84656942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.183.55.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793841/; classtype:trojan-activity;sid:84656941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793840)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ct-11q.moxitron.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793840/; classtype:trojan-activity;sid:84656940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793839)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"br-44z.moxitron.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793839/; classtype:trojan-activity;sid:84656939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793838)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.137.250.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793838/; classtype:trojan-activity;sid:84656938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.80.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793837/; classtype:trojan-activity;sid:84656937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.4.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793836/; classtype:trojan-activity;sid:84656936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.246.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793835/; classtype:trojan-activity;sid:84656935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793834)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ap-90x.moxitron.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793834/; classtype:trojan-activity;sid:84656934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.15.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793833/; classtype:trojan-activity;sid:84656933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.27.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793832/; classtype:trojan-activity;sid:84656932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793831)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"0-rw1-t.jelvax.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793831/; classtype:trojan-activity;sid:84656931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.135.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793830/; classtype:trojan-activity;sid:84656930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793829)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"5-sw8-q.jelvax.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793829/; classtype:trojan-activity;sid:84656929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793828)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"2-nw4-z.jelvax.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793828/;
classtype:trojan-activity;sid:84656928; rev:1;)
# URLhaus download-URL signatures: each rule alerts on an outbound HTTP GET whose
# URI and Host match one URLhaus entry. In most rules depth equals the pattern
# length and isdataat:!1,relative forbids trailing bytes, so both buffers must
# equal the listed strings exactly (the URI case-insensitively, via nocase).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793827)"; flow:established,from_client; content:"GET"; http_method; content:"/boyl7molon.old"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793827/; classtype:trojan-activity;sid:84656927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793826)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"7-tw9-x.jelvax.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793826/; classtype:trojan-activity;sid:84656926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793825)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"v1107.fythoria.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793825/; classtype:trojan-activity;sid:84656925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.4.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793824/; classtype:trojan-activity;sid:84656924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.246.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793823/; classtype:trojan-activity;sid:84656923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.135.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793822/; classtype:trojan-activity;sid:84656922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.55.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793821/; classtype:trojan-activity;sid:84656921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793820)"; flow:established,from_client; content:"GET"; http_method; content:"/files/oblivora/random.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793820/; classtype:trojan-activity;sid:84656920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793819)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"c5543.fythoria.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793819/; classtype:trojan-activity;sid:84656919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.120.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793818/; classtype:trojan-activity;sid:84656918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.80.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793817/; classtype:trojan-activity;sid:84656917; rev:1;)
# NOTE(review): sid 84656916 below does not follow the exact-match construction
# of its neighbours. Counting every |xx| escape as one byte, its http_uri pattern
# is 38 bytes long, but depth is 53, which is the length of the escaped text. The
# pattern may therefore start up to 15 bytes into the URI (the isdataat still pins
# the end). depth:38 would be consistent with the other rules.
# The pattern also contains the literal text "26" wrapped in |7c| (pipe) bytes.
# That looks like an already-escaped "&" (|26|) that was escaped a second time;
# if so, the rule looks for literal pipes and would not match the real request.
# Unverified from this file: compare with URLhaus entry 3793816 before relying on
# this sid or editing a feed-managed rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793816)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=qbyiualmcmoaukhw"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"iry0pqwo.easyyear.digital"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793816/; classtype:trojan-activity;sid:84656916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.26.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793815/; classtype:trojan-activity;sid:84656915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793814)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"x2281.fythoria.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793814/; classtype:trojan-activity;sid:84656914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.67.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793813/; classtype:trojan-activity;sid:84656913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.55.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793812/; classtype:trojan-activity;sid:84656912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.120.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793811/; classtype:trojan-activity;sid:84656911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.238.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793810/; classtype:trojan-activity;sid:84656910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.67.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793809/; classtype:trojan-activity;sid:84656909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793808)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"q9910.fythoria.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793808/; classtype:trojan-activity;sid:84656908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.209.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793807/; classtype:trojan-activity;sid:84656907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.1.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793806/; classtype:trojan-activity;sid:84656906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.56.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793805/; classtype:trojan-activity;sid:84656905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.26.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793804/; classtype:trojan-activity;sid:84656904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.231.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793803/; classtype:trojan-activity;sid:84656903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793800)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/mpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.202.243.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793800/; classtype:trojan-activity;sid:84656900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793801)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/x86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.202.243.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793801/; classtype:trojan-activity;sid:84656901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793802)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/mips"; http_uri; depth:8;
isdataat:!1,relative; nocase; content:"45.202.243.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793802/; classtype:trojan-activity;sid:84656902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793799)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/teleport"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.202.243.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793799/; classtype:trojan-activity;sid:84656899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.127.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793798/; classtype:trojan-activity;sid:84656898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793797)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"k77.vokriz.in.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793797/; classtype:trojan-activity;sid:84656897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.238.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793796/; classtype:trojan-activity;sid:84656896; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.82.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793795/; classtype:trojan-activity;sid:84656895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.209.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793794/; classtype:trojan-activity;sid:84656894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793793)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"v-qr14.vokriz.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793793/; classtype:trojan-activity;sid:84656893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793792)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"z1-mk88.vokriz.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793792/; classtype:trojan-activity;sid:84656892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793791)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; 
content:"x9-pt22.vokriz.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793791/; classtype:trojan-activity;sid:84656891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.46.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793790/; classtype:trojan-activity;sid:84656890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.129.128.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793789/; classtype:trojan-activity;sid:84656889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.82.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793788/; classtype:trojan-activity;sid:84656888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793787)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"v1120.brythos.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793787/; classtype:trojan-activity;sid:84656887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3793786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.253.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793786/; classtype:trojan-activity;sid:84656886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.247.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793785/; classtype:trojan-activity;sid:84656885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.103.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793784/; classtype:trojan-activity;sid:84656884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.77.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793783/; classtype:trojan-activity;sid:84656883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793782)"; flow:established,from_client; content:"GET"; http_method; content:"/desktop/sliver-client_linux"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"165.232.186.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, 
urlhaus.abuse.ch/url/3793782/; classtype:trojan-activity;sid:84656882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793781)"; flow:established,from_client; content:"GET"; http_method; content:"/desktop/sys.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.232.186.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793781/; classtype:trojan-activity;sid:84656881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793780)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"z0091.brythos.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793780/; classtype:trojan-activity;sid:84656880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.136.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793779/; classtype:trojan-activity;sid:84656879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.87.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793778/; classtype:trojan-activity;sid:84656878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.46.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793777/; classtype:trojan-activity;sid:84656877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.136.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793776/; classtype:trojan-activity;sid:84656876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793775)"; flow:established,from_client; content:"GET"; http_method; content:"/asfixsoftwaredev.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"sabrineme.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793775/; classtype:trojan-activity;sid:84656875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793774)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"x1y2.jovianth.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793774/; classtype:trojan-activity;sid:84656874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.87.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793773/; classtype:trojan-activity;sid:84656873; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.19.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793772/; classtype:trojan-activity;sid:84656872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793771)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"wr776.vylocore.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793771/; classtype:trojan-activity;sid:84656871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793770)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"pt554.vylocore.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793770/; classtype:trojan-activity;sid:84656870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793769)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mj118.vylocore.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793769/; classtype:trojan-activity;sid:84656869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793768)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; 
isdataat:!1,relative; nocase; content:"kx992.vylocore.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793768/; classtype:trojan-activity;sid:84656868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.90.123.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793767/; classtype:trojan-activity;sid:84656867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.97.113.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793766/; classtype:trojan-activity;sid:84656866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793765)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"88dd44.quobix.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793765/; classtype:trojan-activity;sid:84656865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.163.68.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793764/; classtype:trojan-activity;sid:84656864; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793763)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"99bb22.quobix.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793763/; classtype:trojan-activity;sid:84656863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.126.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793762/; classtype:trojan-activity;sid:84656862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.90.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793761/; classtype:trojan-activity;sid:84656861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793760)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"55aa11.quobix.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793760/; classtype:trojan-activity;sid:84656860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.67.33.209"; http_host; depth:12; 
isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793759/; classtype:trojan-activity;sid:84656859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793758)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"y11m.zylotech.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793758/; classtype:trojan-activity;sid:84656858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.90.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793757/; classtype:trojan-activity;sid:84656857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.97.113.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793756/; classtype:trojan-activity;sid:84656856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.232.137.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793755/; classtype:trojan-activity;sid:84656855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793754)"; 
flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"t88j.zylotech.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793754/; classtype:trojan-activity;sid:84656854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.109.212.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793753/; classtype:trojan-activity;sid:84656853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793752)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"r55k.zylotech.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793752/; classtype:trojan-activity;sid:84656852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.126.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793751/; classtype:trojan-activity;sid:84656851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.251.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, 
urlhaus.abuse.ch/url/3793749/; classtype:trojan-activity;sid:84656849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.232.137.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793750/; classtype:trojan-activity;sid:84656850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.73.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793748/; classtype:trojan-activity;sid:84656848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793747)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"w22p.zylotech.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793747/; classtype:trojan-activity;sid:84656847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.109.212.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793746/; classtype:trojan-activity;sid:84656846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.245.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793745/; classtype:trojan-activity;sid:84656845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793744)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"fny913.zenithax.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793744/; classtype:trojan-activity;sid:84656844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793743)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dxt405.zenithax.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793743/; classtype:trojan-activity;sid:84656843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.36.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793742/; classtype:trojan-activity;sid:84656842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.231.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793741/; classtype:trojan-activity;sid:84656841; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.67.33.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793739/; classtype:trojan-activity;sid:84656839; rev:1;)
# NOTE(review): the line above and the last line of this span are pieces of rules that begin/end outside it; they are kept as-is.
# Rule shape used throughout this span: a client GET in an established flow from $HOME_NET to $EXTERNAL_NET,
# with the URI string and the Host string each pinned by depth:<string length> plus isdataat:!1,relative,
# so each buffer has to equal the listed string exactly (the URI comparison is case-insensitive via nocase).
# Operator caveats:
#   - These are `alert http` rules: they can only fire where the sensor sees the request as parsed HTTP.
#     Presumably TLS-only fetches are not covered unless traffic is decrypted upstream -- confirm for your deployment.
#   - Exact matching means a request for the same host with any additional URI bytes will not alert;
#     keep host/DNS-level coverage of the same URLhaus indicators alongside these signatures.
#   - Every rule here carries created_at 2026_03_10; check the referenced URLhaus entry for current status before acting on a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.183.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793740/; classtype:trojan-activity;sid:84656840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.73.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793738/; classtype:trojan-activity;sid:84656838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793737)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"qlm299.zenithax.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793737/; classtype:trojan-activity;sid:84656837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793736)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"z-66-d4.velotronic.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793736/; classtype:trojan-activity;sid:84656836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.251.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793735/; classtype:trojan-activity;sid:84656835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.234.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793734/; classtype:trojan-activity;sid:84656834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793733)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"x-12-c7.velotronic.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793733/; classtype:trojan-activity;sid:84656833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793732)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"n-44-b9.velotronic.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793732/; classtype:trojan-activity;sid:84656832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.119.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793731/; classtype:trojan-activity;sid:84656831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.141.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793730/; classtype:trojan-activity;sid:84656830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793729)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"v-89-a2.velotronic.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793729/; classtype:trojan-activity;sid:84656829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.134.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793728/; classtype:trojan-activity;sid:84656828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.36.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793727/; classtype:trojan-activity;sid:84656827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793726)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mn776-t.dervishcore.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793726/; classtype:trojan-activity;sid:84656826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793725)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"lp440-q.dervishcore.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793725/; classtype:trojan-activity;sid:84656825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793724)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ka221-z.dervishcore.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793724/; classtype:trojan-activity;sid:84656824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.234.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793723/; classtype:trojan-activity;sid:84656823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793722)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"jd899-x.dervishcore.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793722/; classtype:trojan-activity;sid:84656822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.183.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793721/; classtype:trojan-activity;sid:84656821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.134.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793719/; classtype:trojan-activity;sid:84656819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793720)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.141.26.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793720/; classtype:trojan-activity;sid:84656820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.133.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793718/; classtype:trojan-activity;sid:84656818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.133.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793717/; classtype:trojan-activity;sid:84656817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793716)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"p9d-x77j.xylophis.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793716/; classtype:trojan-activity;sid:84656816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.27.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793715/; classtype:trojan-activity;sid:84656815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793714)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"k3l-55v6.xylophis.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793714/; classtype:trojan-activity;sid:84656814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793713)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"z8t-m11q.xylophis.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793713/; classtype:trojan-activity;sid:84656813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.205.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793712/; classtype:trojan-activity;sid:84656812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793711)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.131.182.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793711/; classtype:trojan-activity;sid:84656811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.70.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793710/; classtype:trojan-activity;sid:84656810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793709)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"a4x-99f2.xylophis.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793709/; classtype:trojan-activity;sid:84656809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.198.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793708/; classtype:trojan-activity;sid:84656808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.133.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793707/; classtype:trojan-activity;sid:84656807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793706)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"learsup.webback.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793706/; classtype:trojan-activity;sid:84656806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.133.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793705/; classtype:trojan-activity;sid:84656805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793704)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"importuni.webback.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793704/; classtype:trojan-activity;sid:84656804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793703)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.27.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793703/; classtype:trojan-activity;sid:84656803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793702)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"comp7-stack.webback.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793702/; classtype:trojan-activity;sid:84656802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.70.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793701/; classtype:trojan-activity;sid:84656801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793700)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hodz.webback.in.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793700/; classtype:trojan-activity;sid:84656800; rev:1;)
# The next three rules pin download.php paths whose directory names reference conferencing clients
# (googlemeet, zoom). Each is tied to one exact host, so a hit identifies that specific URLhaus entry only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793698)"; flow:established,from_client; content:"GET"; http_method; content:"/googlemeet/windows/download.php"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"meeting-app.sbs"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793698/; classtype:trojan-activity;sid:84656798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793699)"; flow:established,from_client; content:"GET"; http_method; content:"/z/zoom/windows/download.php"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"teak.gen.tr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793699/; classtype:trojan-activity;sid:84656799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793697)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/download.php"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"googmeetinginvitation.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793697/; classtype:trojan-activity;sid:84656797; rev:1;)
# Host 85.137.253.58: the six rules below (SIDs 84656791-84656796) differ only in the file name;
# when triaging, correlate on the host rather than treating each SID as a separate incident.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793696)"; flow:established,from_client; content:"GET"; http_method; content:"/test.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.137.253.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793696/; classtype:trojan-activity;sid:84656796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793695)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.137.253.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793695/; classtype:trojan-activity;sid:84656795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793691)"; flow:established,from_client; content:"GET"; http_method; content:"/csrss.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.137.253.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793691/; classtype:trojan-activity;sid:84656791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793692)"; flow:established,from_client; content:"GET"; http_method; content:"/updater.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.137.253.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793692/; classtype:trojan-activity;sid:84656792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793693)"; flow:established,from_client; content:"GET"; http_method; content:"/xclient.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.137.253.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793693/; classtype:trojan-activity;sid:84656793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793694)"; flow:established,from_client; content:"GET"; http_method; content:"/f6l62sjs.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"85.137.253.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793694/; classtype:trojan-activity;sid:84656794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.248.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793690/; classtype:trojan-activity;sid:84656790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.119.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793689/; classtype:trojan-activity;sid:84656789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793688)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"canv-shi.oakstart.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793688/; classtype:trojan-activity;sid:84656788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793687)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"nd77.oakstart.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793687/; classtype:trojan-activity;sid:84656787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793686)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"runtim-grid.oakstart.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793686/; classtype:trojan-activity;sid:84656786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.29.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793685/; classtype:trojan-activity;sid:84656785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.248.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793684/; classtype:trojan-activity;sid:84656784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793683)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"fdgq.oakstart.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793683/; classtype:trojan-activity;sid:84656783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.216.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793682/; classtype:trojan-activity;sid:84656782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793681)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sub-ve1v.starload.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793681/; classtype:trojan-activity;sid:84656781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793680)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"rs95h.starload.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793680/; classtype:trojan-activity;sid:84656780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793679)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"outl-grove.starload.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793679/; classtype:trojan-activity;sid:84656779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.74.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793678/; classtype:trojan-activity;sid:84656778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793677)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"metric2-route.starload.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793677/; classtype:trojan-activity;sid:84656777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793676)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"r3cor-wave.appcheck.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793676/; classtype:trojan-activity;sid:84656776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793675)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"layotra.appcheck.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793675/; classtype:trojan-activity;sid:84656775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793674)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"zen-draum.appcheck.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793674/; classtype:trojan-activity;sid:84656774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.143.172.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793673/; classtype:trojan-activity;sid:84656773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793672)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"quormarkix.appcheck.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793672/; classtype:trojan-activity;sid:84656772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.169.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793671/; classtype:trojan-activity;sid:84656771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793670)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"chefacto.appdeck.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793670/; classtype:trojan-activity;sid:84656770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.169.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793669/; classtype:trojan-activity;sid:84656769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.17.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793668/; classtype:trojan-activity;sid:84656768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793667)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"merlineos4.appdeck.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793667/; classtype:trojan-activity;sid:84656767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"96.66.24.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793666/; classtype:trojan-activity;sid:84656766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793665)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"thr3a-reach.appdeck.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793665/; classtype:trojan-activity;sid:84656765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.30.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793664/; classtype:trojan-activity;sid:84656764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.161.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793663/; classtype:trojan-activity;sid:84656763; rev:1;)
# Host 192.109.200.186 appears in this span once per /huhu/titanjr.<suffix> file name
# (arm7, arm5, arm, i686, x86_64, ppc440, arc); the rules are otherwise identical.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793661)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"192.109.200.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793661/; classtype:trojan-activity;sid:84656761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793662)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"192.109.200.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793662/; classtype:trojan-activity;sid:84656762; rev:1;)
# The Host values in several rules below (pages.dev, r2.dev) are subdomains of shared hosting domains.
# Each rule is pinned to the full listed subdomain; keep it that way rather than widening to the parent
# domain, which would presumably match unrelated tenants.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793660)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/agenda2026.apk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"googleplaystoree.pages.dev"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793660/; classtype:trojan-activity;sid:84656760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793659)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/pdf/screenconnect.clientsetup.msi"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"preciosasjoyitas.com.mx"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793659/; classtype:trojan-activity;sid:84656759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793658)"; flow:established,from_client; content:"GET"; http_method; content:"/batremcosv7.txt"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"vendasdesistes.com.br"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793658/; classtype:trojan-activity;sid:84656758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793657)"; flow:established,from_client; content:"GET"; http_method; content:"/tiktok18.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"tykkprivate-uzb.sbs"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793657/; classtype:trojan-activity;sid:84656757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793654)"; flow:established,from_client; content:"GET"; http_method; content:"/social-security_documents_2025.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"pub-44db1288f9da4543b525029ecd44e149.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793654/; classtype:trojan-activity;sid:84656754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793655)"; flow:established,from_client; content:"GET"; http_method; content:"/screenconnect.clientsetup.msi"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"pub-cb25e0ca1e5b4d3b8b4dc881580f5473.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793655/; classtype:trojan-activity;sid:84656755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/module8.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"labrujuladiario.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793656/; classtype:trojan-activity;sid:84656756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793653)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/fullbet138.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"fullbet138.money"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793653/; classtype:trojan-activity;sid:84656753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793636)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.109.200.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793636/; classtype:trojan-activity;sid:84656736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793637)"; flow:established,from_client; content:"GET"; http_method; content:"/breakingbad/arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.109.200.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793637/; classtype:trojan-activity;sid:84656737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793638)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"192.109.200.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793638/; classtype:trojan-activity;sid:84656738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793639)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"192.109.200.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793639/; classtype:trojan-activity;sid:84656739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793640)"; flow:established,from_client; content:"GET"; http_method; content:"/breakingbad/mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.109.200.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793640/; classtype:trojan-activity;sid:84656740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793641)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc440"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"192.109.200.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793641/; classtype:trojan-activity;sid:84656741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793642)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.109.200.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 
2026_03_10; reference:url, urlhaus.abuse.ch/url/3793642/; classtype:trojan-activity;sid:84656742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793643)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mipsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"192.109.200.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793643/; classtype:trojan-activity;sid:84656743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793644)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"192.109.200.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793644/; classtype:trojan-activity;sid:84656744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793645)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.109.200.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793645/; classtype:trojan-activity;sid:84656745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793646)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.109.200.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793646/; classtype:trojan-activity;sid:84656746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793647)"; 
flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"192.109.200.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793647/; classtype:trojan-activity;sid:84656747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793648)"; flow:established,from_client; content:"GET"; http_method; content:"/all.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.109.200.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793648/; classtype:trojan-activity;sid:84656748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793649)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"192.109.200.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793649/; classtype:trojan-activity;sid:84656749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793650)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i486"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"192.109.200.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793650/; classtype:trojan-activity;sid:84656750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793651)"; flow:established,from_client; content:"GET"; http_method; content:"/breakingbad/x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"192.109.200.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; 
reference:url, urlhaus.abuse.ch/url/3793651/; classtype:trojan-activity;sid:84656751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793652)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"192.109.200.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793652/; classtype:trojan-activity;sid:84656752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793635)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.186.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793635/; classtype:trojan-activity;sid:84656735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.143.172.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793634/; classtype:trojan-activity;sid:84656734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793633)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"signalcraft.appdeck.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793633/; classtype:trojan-activity;sid:84656733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793632)"; flow:established,from_client; 
content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"handlerasset.winlog.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793632/; classtype:trojan-activity;sid:84656732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793631)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"arkcoreex.winlog.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793631/; classtype:trojan-activity;sid:84656731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.17.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793630/; classtype:trojan-activity;sid:84656730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793629)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"nobclo.winlog.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793629/; classtype:trojan-activity;sid:84656729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"96.66.24.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, 
urlhaus.abuse.ch/url/3793628/; classtype:trojan-activity;sid:84656728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.161.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793627/; classtype:trojan-activity;sid:84656727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793626)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dispatchercasc.winlog.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793626/; classtype:trojan-activity;sid:84656726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.68.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793625/; classtype:trojan-activity;sid:84656725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793624)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"icetermi.decktop.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793624/; classtype:trojan-activity;sid:84656724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793623)"; flow:established,from_client; content:"GET"; 
http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.115.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793623/; classtype:trojan-activity;sid:84656723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.181.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793622/; classtype:trojan-activity;sid:84656722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793621)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"1ink9-bridge.decktop.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793621/; classtype:trojan-activity;sid:84656721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793620)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"invoicepixe.decktop.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793620/; classtype:trojan-activity;sid:84656720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.55.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793619/; 
classtype:trojan-activity;sid:84656719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793618)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"splitboos.decktop.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793618/; classtype:trojan-activity;sid:84656718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.59.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793617/; classtype:trojan-activity;sid:84656717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.65.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793616/; classtype:trojan-activity;sid:84656716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793615)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"velnex4ex.soldop.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793615/; classtype:trojan-activity;sid:84656715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; 
depth:2; isdataat:!1,relative; nocase; content:"115.55.29.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793614/; classtype:trojan-activity;sid:84656714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793613)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"en3vikif.soldop.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793613/; classtype:trojan-activity;sid:84656713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.141.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793612/; classtype:trojan-activity;sid:84656712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793611)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tqiauc.soldop.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793611/; classtype:trojan-activity;sid:84656711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.2.130"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793610/; classtype:trojan-activity;sid:84656710; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.55.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793609/; classtype:trojan-activity;sid:84656709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.11.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793608/; classtype:trojan-activity;sid:84656708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.108.90.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793607/; classtype:trojan-activity;sid:84656707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793606)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"h4rd-cache.soldop.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793606/; classtype:trojan-activity;sid:84656706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.11.215"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793605/; classtype:trojan-activity;sid:84656705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793604)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dispatc-tra.windev.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793604/; classtype:trojan-activity;sid:84656704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.12.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793603/; classtype:trojan-activity;sid:84656703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793602)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vor-crestet.windev.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793602/; classtype:trojan-activity;sid:84656702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.141.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793601/; classtype:trojan-activity;sid:84656701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3793600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.52.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793600/; classtype:trojan-activity;sid:84656700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.108.90.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793599/; classtype:trojan-activity;sid:84656699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793598)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"v4ul6-scope.windev.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793598/; classtype:trojan-activity;sid:84656698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.115.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793597/; classtype:trojan-activity;sid:84656697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.226.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, 
urlhaus.abuse.ch/url/3793596/; classtype:trojan-activity;sid:84656696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793595)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"open1-branch.windev.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793595/; classtype:trojan-activity;sid:84656695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.65.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793594/; classtype:trojan-activity;sid:84656694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793593)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"basa-cod.skyroad.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793593/; classtype:trojan-activity;sid:84656693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793592)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mastoken.skyroad.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793592/; classtype:trojan-activity;sid:84656692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793590)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.243.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793590/; classtype:trojan-activity;sid:84656690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.145.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793591/; classtype:trojan-activity;sid:84656691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.253.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793588/; classtype:trojan-activity;sid:84656688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.183.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793589/; classtype:trojan-activity;sid:84656689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.253.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793586/; 
classtype:trojan-activity;sid:84656686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.183.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793587/; classtype:trojan-activity;sid:84656687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.12.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793585/; classtype:trojan-activity;sid:84656685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793584)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"st0n-index.skyroad.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793584/; classtype:trojan-activity;sid:84656684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793583)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"72jk.skyroad.in.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793583/; classtype:trojan-activity;sid:84656683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; 
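depth:7; isdataat:!1,relative; nocase; content:"115.50.226.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793582/; classtype:trojan-activity;sid:84656682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.115.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793581/; classtype:trojan-activity;sid:84656681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793579)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"gath3r1-phase.skybit.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793579/; classtype:trojan-activity;sid:84656679; rev:1;)
# URI depth corrected from 53 to 38. The pattern is 38 bytes once each |xx| hex escape is decoded
# to a single byte; 53 is the length of the escaped text. With depth:53 the pattern could start up
# to 15 bytes into the URI instead of being pinned to offset 0 like the neighbouring rules, so the
# rule was not the exact-URI match the template intends.
# NOTE(review): "|7c|26|7c|" decodes to the literal text "|26|", which looks like an already
# hex-escaped "&" that was escaped a second time. If so, this pattern does not match the real
# request at all - confirm the original URL in the referenced URLhaus entry before relying on it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793580)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=peyjyltrgrbjegnd"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"kt9p9evj.lighthouseup.digital"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793580/; classtype:trojan-activity;sid:84656680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.113.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793578/; 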
classtype:trojan-activity;sid:84656678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.39.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793577/; classtype:trojan-activity;sid:84656677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.145.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793576/; classtype:trojan-activity;sid:84656676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.113.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793575/; classtype:trojan-activity;sid:84656675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793574)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"glyphcrest.skybit.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793574/; classtype:trojan-activity;sid:84656674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793573)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; 
depth:20; isdataat:!1,relative; nocase; content:"t3rm-trace.skybit.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793573/; classtype:trojan-activity;sid:84656673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.168.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793572/; classtype:trojan-activity;sid:84656672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793571)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"xhepy.skybit.in.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793571/; classtype:trojan-activity;sid:84656671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.6.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793569/; classtype:trojan-activity;sid:84656669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.168.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793570/; classtype:trojan-activity;sid:84656670; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793568)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"5xt2jam.moondev.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793568/; classtype:trojan-activity;sid:84656668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793567)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sdkwinter.moondev.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793567/; classtype:trojan-activity;sid:84656667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793566)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"canvsoc.moondev.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793566/; classtype:trojan-activity;sid:84656666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793565)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"focufield.moondev.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793565/; classtype:trojan-activity;sid:84656665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"115.55.6.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793564/; classtype:trojan-activity;sid:84656664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.194.35.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793563/; classtype:trojan-activity;sid:84656663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793562)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"st4r-field.starapi.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793562/; classtype:trojan-activity;sid:84656662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.15.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793561/; classtype:trojan-activity;sid:84656661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.15.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793560/; classtype:trojan-activity;sid:84656660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3793559)"; flow:established,from_client; content:"GET"; http_method; content:"/czrmrtxnrnonbxhwffeqjnfbrlinashg"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"64.89.161.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793559/; classtype:trojan-activity;sid:84656659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.85.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793558/; classtype:trojan-activity;sid:84656658; rev:1;)
# NOTE(review): the next two rules (sid 84656656, sid 84656657) have two
# independent coverage gaps.
# 1. Each query separator is written |7c|26|7c|, which decodes to the literal
#    bytes "|26|" (0x7c is "|"; 0x26 is "&"), not to "&". If the reported URLs
#    use "&" between rlkey, st and dl, as the layout suggests, neither pattern
#    can match; the intended escape is presumably |26|. The depth values
#    (126, 128) also look derived from the escaped text, not the decoded bytes.
# 2. Both hosts are Dropbox download hosts, normally reached over HTTPS. An
#    "alert http" rule sees http_uri / http_host only in cleartext or decrypted
#    HTTP, so without TLS inspection ahead of the sensor these rules would stay
#    silent even with the encoding fixed. Pair them with proxy or endpoint logs.
# The ruleset is generated upstream; report the encoding there.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793556)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/v2kq2p1pi88qdu0bwyi2t/zoominstallerupdate8.3.zip|3f|rlkey=vcceb5woskdxr09i7w9b6zhra|7c|26|7c|st=b4sxzsuh|7c|26|7c|dl=1"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793556/; classtype:trojan-activity;sid:84656656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793557)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/n21z2a7fwawlrk56o9cb9/vmware-viclient-0dfc12e1.exe|3f|rlkey=kjx4biy1xc3qf2mogq57pv80b|7c|26|7c|st=irspqesm|7c|26|7c|dl=1"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793557/; classtype:trojan-activity;sid:84656657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3793555)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kelcoreet.starapi.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793555/; classtype:trojan-activity;sid:84656655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.108.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793554/; classtype:trojan-activity;sid:84656654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.35.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793553/; classtype:trojan-activity;sid:84656653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793552)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"nad1d.starapi.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793552/; classtype:trojan-activity;sid:84656652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793551)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kelmesha3.ironhub.in.net"; 
http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793551/; classtype:trojan-activity;sid:84656651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.243.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793550/; classtype:trojan-activity;sid:84656650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793549)"; flow:established,from_client; content:"GET"; http_method; content:"/chrome.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"google-2gy.pages.dev"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793549/; classtype:trojan-activity;sid:84656649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793548)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"eastvine.ironhub.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793548/; classtype:trojan-activity;sid:84656648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.36.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793547/; classtype:trojan-activity;sid:84656647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3793546)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"garde-sha.ironhub.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793546/; classtype:trojan-activity;sid:84656646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.249.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793545/; classtype:trojan-activity;sid:84656645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.141.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793544/; classtype:trojan-activity;sid:84656644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.185.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793543/; classtype:trojan-activity;sid:84656643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793542)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"u68ojr.ironhub.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_10; 
reference:url, urlhaus.abuse.ch/url/3793542/; classtype:trojan-activity;sid:84656642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.185.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793541/; classtype:trojan-activity;sid:84656641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.187.68.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793540/; classtype:trojan-activity;sid:84656640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.15.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793539/; classtype:trojan-activity;sid:84656639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793538)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"48z9.lakeweb.in.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793538/; classtype:trojan-activity;sid:84656638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793537)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.249.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793537/; classtype:trojan-activity;sid:84656637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.36.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793536/; classtype:trojan-activity;sid:84656636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.187.68.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793535/; classtype:trojan-activity;sid:84656635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.129.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793534/; classtype:trojan-activity;sid:84656634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793533)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"supplybrave.lakeweb.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793533/; classtype:trojan-activity;sid:84656633; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.13.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793532/; classtype:trojan-activity;sid:84656632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.75.12.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793531/; classtype:trojan-activity;sid:84656631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.87.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793530/; classtype:trojan-activity;sid:84656630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793529)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"quornexum.lakeweb.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793529/; classtype:trojan-activity;sid:84656629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793528)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; 
content:"vellithos7.lakeweb.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793528/; classtype:trojan-activity;sid:84656628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.186.230.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793527/; classtype:trojan-activity;sid:84656627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.221.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793526/; classtype:trojan-activity;sid:84656626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.198.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793525/; classtype:trojan-activity;sid:84656625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793524)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"lagoo-craft.rockapp.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793524/; classtype:trojan-activity;sid:84656624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3793523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.52.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793523/; classtype:trojan-activity;sid:84656623; rev:1;)
# NOTE(review): sid 84656622 below writes each query separator as |7c|26|7c|.
# That decodes to the four literal bytes "|26|" (0x7c is "|"; 0x26 is "&"), not
# to a single "&". If the reported URL carries "&" at those positions, as the
# query-string layout suggests, the rule cannot match it; the intended escape
# is presumably |26| - confirm against the URLhaus entry in the reference.
# depth:53 equals the length of the escaped text; the decoded pattern is 38
# bytes, so the start of the URI is anchored less tightly than on the
# neighbouring rules. The ruleset is generated upstream: report the encoding
# there instead of patching locally.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793522)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=ktfcyhxeiwogcnvv"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"n5s8iqqg.arabtransplant.digital"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793522/; classtype:trojan-activity;sid:84656622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793521)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"grovalue.rockapp.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793521/; classtype:trojan-activity;sid:84656621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.177.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793520/; classtype:trojan-activity;sid:84656620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793519)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; 
content:"studiosha.rockapp.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793519/; classtype:trojan-activity;sid:84656619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.243.207.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793518/; classtype:trojan-activity;sid:84656618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.13.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793517/; classtype:trojan-activity;sid:84656617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.198.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793516/; classtype:trojan-activity;sid:84656616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793515)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"importsan.rockapp.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793515/; classtype:trojan-activity;sid:84656615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3793514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.75.12.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793514/; classtype:trojan-activity;sid:84656614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793513)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.61.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793513/; classtype:trojan-activity;sid:84656613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793512)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kel-tideix.goldsys.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793512/; classtype:trojan-activity;sid:84656612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.245.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793511/; classtype:trojan-activity;sid:84656611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.148.184.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 
2026_03_10; reference:url, urlhaus.abuse.ch/url/3793510/; classtype:trojan-activity;sid:84656610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.169.124.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793509/; classtype:trojan-activity;sid:84656609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.56.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793508/; classtype:trojan-activity;sid:84656608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793507)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"buildsprou.goldsys.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793507/; classtype:trojan-activity;sid:84656607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.177.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793506/; classtype:trojan-activity;sid:84656606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793505)"; flow:established,from_client; content:"GET"; 
http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.0.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793505/; classtype:trojan-activity;sid:84656605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793504)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7942715918/1sbgglw.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793504/; classtype:trojan-activity;sid:84656604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793503)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"x2zev.goldsys.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793503/; classtype:trojan-activity;sid:84656603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.61.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793501/; classtype:trojan-activity;sid:84656601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.235.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793502/; 
classtype:trojan-activity;sid:84656602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.95.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793500/; classtype:trojan-activity;sid:84656600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.4.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793499/; classtype:trojan-activity;sid:84656599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793498)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ioqdz.winddev.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793498/; classtype:trojan-activity;sid:84656598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793497)"; flow:established,from_client; content:"GET"; http_method; content:"/notion/notion-app-6.475.3-win-x64.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"elvenforest.s3.us-east-005.backblazeb2.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793497/; classtype:trojan-activity;sid:84656597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793496)"; flow:established,from_client; content:"GET"; 
http_method; content:"/blender/blender-9.0.364_win_x64.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"elvenforest.s3.us-east-005.backblazeb2.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793496/; classtype:trojan-activity;sid:84656596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793495)"; flow:established,from_client; content:"GET"; http_method; content:"/windsurf/windsurf-setup-9.0.582_x64.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"elvenforest.s3.us-east-005.backblazeb2.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793495/; classtype:trojan-activity;sid:84656595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793494)"; flow:established,from_client; content:"GET"; http_method; content:"/inventor/autodesk-inventor-x64-5.35.374.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"elvenforest.s3.us-east-005.backblazeb2.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793494/; classtype:trojan-activity;sid:84656594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793493)"; flow:established,from_client; content:"GET"; http_method; content:"/api/v1/customer-sync-47a2d/jquery.js"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"www.cloudflara.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793493/; classtype:trojan-activity;sid:84656593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793492)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; 
depth:20; isdataat:!1,relative; nocase; content:"meta-tr3n.winddev.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793492/; classtype:trojan-activity;sid:84656592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.84.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793491/; classtype:trojan-activity;sid:84656591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.56.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793490/; classtype:trojan-activity;sid:84656590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793489)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"lum-forgear.winddev.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793489/; classtype:trojan-activity;sid:84656589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793488)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"report-gold.winddev.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793488/; classtype:trojan-activity;sid:84656588; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.33.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793487/; classtype:trojan-activity;sid:84656587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793486)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mhrmjphd.oaknet.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793486/; classtype:trojan-activity;sid:84656586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.95.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793485/; classtype:trojan-activity;sid:84656585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.235.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793484/; classtype:trojan-activity;sid:84656584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.226.99"; 
http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793483/; classtype:trojan-activity;sid:84656583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.222.62.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793482/; classtype:trojan-activity;sid:84656582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793481)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"deploymesh.oaknet.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793481/; classtype:trojan-activity;sid:84656581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.228.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793480/; classtype:trojan-activity;sid:84656580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.29.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793479/; classtype:trojan-activity;sid:84656579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793478)"; 
flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"jbstvz.oaknet.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793478/; classtype:trojan-activity;sid:84656578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.239.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793477/; classtype:trojan-activity;sid:84656577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793476)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"p4cket-signal.oaknet.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793476/; classtype:trojan-activity;sid:84656576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793475)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"t3mp0-zone.sunbit.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793475/; classtype:trojan-activity;sid:84656575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.33.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2026_03_10; reference:url, urlhaus.abuse.ch/url/3793474/; classtype:trojan-activity;sid:84656574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793473)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"c1ip-scope.sunbit.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793473/; classtype:trojan-activity;sid:84656573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.29.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793472/; classtype:trojan-activity;sid:84656572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.243.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793471/; classtype:trojan-activity;sid:84656571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.239.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793470/; classtype:trojan-activity;sid:84656570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793462)"; flow:established,from_client; content:"GET"; 
http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.222.62.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793462/; classtype:trojan-activity;sid:84656562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.13.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793463/; classtype:trojan-activity;sid:84656563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793464)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.45-90-98-218.plesk.page"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793464/; classtype:trojan-activity;sid:84656564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.30.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793465/; classtype:trojan-activity;sid:84656565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.30.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793466/; classtype:trojan-activity;sid:84656566; rev:1;) 
# ---------------------------------------------------------------------------
# Analyst notes for the rules that follow (every rule uses the same template).
#
# What one rule matches:
#   - `alert http $HOME_NET any -> $EXTERNAL_NET any` with
#     `flow:established,from_client`: a client request leaving the monitored
#     network. The alert's source address is the internal host to triage.
#   - `content:"GET"; http_method;` limits the rule to GET requests.
#   - The URI content carries `depth` equal to its own length plus
#     `isdataat:!1,relative`, so it must fill the whole URI buffer; `nocase`
#     makes that comparison case-insensitive. The host content is anchored
#     the same way against `http_host`.
#   => Each rule identifies exactly one URL (one host + one path). It is an
#      indicator match, not a detection of the malware family behind it.
#
# Coverage caveats:
#   - These are `http` rules: they only see requests the engine parses as
#     HTTP. The same URL fetched over TLS is not inspected unless traffic is
#     decrypted before the sensor. This matters for hosts such as
#     www.mediafire.com below, which are presumably reached over HTTPS in
#     practice (verify in your proxy / TLS logs).
#   - Generic paths such as "/bin.sh" and "/sc.sh" are only specific because
#     of the paired host match; do not reuse the URI part on its own.
#   - An alert shows that the request was sent. It does not show that a
#     payload was returned or executed; confirm with HTTP response data,
#     file extraction or endpoint telemetry.
#   - Many entries below point at one origin: 45.90.98.218 and the plesk.page
#     names that embed that address (www.45-90-98-218.plesk.page,
#     musing-visvesvaraya.45-90-98-218.plesk.page). Group alerts by
#     destination when triaging. The per-architecture suffixes (.arm, .mips,
#     .x86, ...) look like builds of one payload for several CPU types;
#     this is an assumption, confirm against the referenced URLhaus entries.
#   - `metadata:created_at` is 2026_03_10 for these entries. IP-based
#     indicators go stale; check the `reference:url` entry for current
#     status before turning a rule into a block.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793467)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"musing-visvesvaraya.45-90-98-218.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793467/; classtype:trojan-activity;sid:84656567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.228.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793468/; classtype:trojan-activity;sid:84656568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793469)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/eq8e1l4b0qjd22w/chrome_100_percent.pak/file"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793469/; classtype:trojan-activity;sid:84656569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793459)"; flow:established,from_client; content:"GET"; http_method; content:"/eq8e1l4b0qjd22w"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"casyetnx.pw"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793459/; classtype:trojan-activity;sid:84656559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793460)"; flow:established,from_client; content:"GET"; http_method; 
content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"parceldusk.sunbit.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793460/; classtype:trojan-activity;sid:84656560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793461)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"nodesteri.sunbit.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793461/; classtype:trojan-activity;sid:84656561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793458)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"glob-k2.siliconcanyon.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793458/; classtype:trojan-activity;sid:84656558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793447)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.45-90-98-218.plesk.page"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793447/; classtype:trojan-activity;sid:84656547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793448)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"musing-visvesvaraya.45-90-98-218.plesk.page"; http_host; depth:43; isdataat:!1,relative; 
metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793448/; classtype:trojan-activity;sid:84656548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793449)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"musing-visvesvaraya.45-90-98-218.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793449/; classtype:trojan-activity;sid:84656549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793450)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"musing-visvesvaraya.45-90-98-218.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793450/; classtype:trojan-activity;sid:84656550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793451)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"musing-visvesvaraya.45-90-98-218.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793451/; classtype:trojan-activity;sid:84656551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793452)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"musing-visvesvaraya.45-90-98-218.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793452/; classtype:trojan-activity;sid:84656552; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793453)"; flow:established,from_client; content:"GET"; http_method; content:"/scanner.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"musing-visvesvaraya.45-90-98-218.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793453/; classtype:trojan-activity;sid:84656553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793454)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.45-90-98-218.plesk.page"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793454/; classtype:trojan-activity;sid:84656554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793455)"; flow:established,from_client; content:"GET"; http_method; content:"/scanner.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.45-90-98-218.plesk.page"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793455/; classtype:trojan-activity;sid:84656555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793456)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.45-90-98-218.plesk.page"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793456/; classtype:trojan-activity;sid:84656556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793457)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm5"; http_uri; 
depth:12; isdataat:!1,relative; nocase; content:"musing-visvesvaraya.45-90-98-218.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793457/; classtype:trojan-activity;sid:84656557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793445)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.45-90-98-218.plesk.page"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793445/; classtype:trojan-activity;sid:84656545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793446)"; flow:established,from_client; content:"GET"; http_method; content:"/sc.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"musing-visvesvaraya.45-90-98-218.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793446/; classtype:trojan-activity;sid:84656546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793441)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.45-90-98-218.plesk.page"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793441/; classtype:trojan-activity;sid:84656541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793442)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.45-90-98-218.plesk.page"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, 
urlhaus.abuse.ch/url/3793442/; classtype:trojan-activity;sid:84656542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793443)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"musing-visvesvaraya.45-90-98-218.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793443/; classtype:trojan-activity;sid:84656543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793444)"; flow:established,from_client; content:"GET"; http_method; content:"/sc.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"www.45-90-98-218.plesk.page"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793444/; classtype:trojan-activity;sid:84656544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793434)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"musing-visvesvaraya.45-90-98-218.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793434/; classtype:trojan-activity;sid:84656534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793435)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"musing-visvesvaraya.45-90-98-218.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793435/; classtype:trojan-activity;sid:84656535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3793436)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.45-90-98-218.plesk.page"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793436/; classtype:trojan-activity;sid:84656536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793437)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.45-90-98-218.plesk.page"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793437/; classtype:trojan-activity;sid:84656537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793438)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"musing-visvesvaraya.45-90-98-218.plesk.page"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793438/; classtype:trojan-activity;sid:84656538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793439)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.45-90-98-218.plesk.page"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793439/; classtype:trojan-activity;sid:84656539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793440)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.45-90-98-218.plesk.page"; 
http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793440/; classtype:trojan-activity;sid:84656540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793433)"; flow:established,from_client; content:"GET"; http_method; content:"/sc.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.90.98.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793433/; classtype:trojan-activity;sid:84656533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793424)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.90.98.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793424/; classtype:trojan-activity;sid:84656524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793425)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.90.98.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793425/; classtype:trojan-activity;sid:84656525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793426)"; flow:established,from_client; content:"GET"; http_method; content:"/scanner.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.90.98.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793426/; classtype:trojan-activity;sid:84656526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3793427)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.90.98.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793427/; classtype:trojan-activity;sid:84656527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793428)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.90.98.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793428/; classtype:trojan-activity;sid:84656528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793429)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.90.98.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793429/; classtype:trojan-activity;sid:84656529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793430)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.90.98.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793430/; classtype:trojan-activity;sid:84656530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793431)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.90.98.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, 
urlhaus.abuse.ch/url/3793431/; classtype:trojan-activity;sid:84656531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793432)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.90.98.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793432/; classtype:trojan-activity;sid:84656532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793422)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.90.98.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793422/; classtype:trojan-activity;sid:84656522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793423)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.90.98.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793423/; classtype:trojan-activity;sid:84656523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793421)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"unit-r1.siliconcanyon.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793421/; classtype:trojan-activity;sid:84656521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793420)"; flow:established,from_client; content:"GET"; http_method; 
content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sili-h7.siliconcanyon.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793420/; classtype:trojan-activity;sid:84656520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.48.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793419/; classtype:trojan-activity;sid:84656519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793418)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"pl5-zw18.siliconcanyon.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793418/; classtype:trojan-activity;sid:84656518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793417)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"node-s0.quartzhorizon.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793417/; classtype:trojan-activity;sid:84656517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793416)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"orig-m4.quartzhorizon.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_10; 
reference:url, urlhaus.abuse.ch/url/3793416/; classtype:trojan-activity;sid:84656516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793415)"; flow:established,from_client; content:"GET"; http_method; content:"/s.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.141.148.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793415/; classtype:trojan-activity;sid:84656515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.80.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793414/; classtype:trojan-activity;sid:84656514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.103.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793410/; classtype:trojan-activity;sid:84656510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.196.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793411/; classtype:trojan-activity;sid:84656511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; 
depth:7; isdataat:!1,relative; nocase; content:"113.238.196.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793412/; classtype:trojan-activity;sid:84656512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.129.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793403/; classtype:trojan-activity;sid:84656503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793404)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"86.127.241.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793404/; classtype:trojan-activity;sid:84656504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.223.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793405/; classtype:trojan-activity;sid:84656505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793406)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.90.98.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793406/; classtype:trojan-activity;sid:84656506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3793407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.223.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793407/; classtype:trojan-activity;sid:84656507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793408)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"42.98.214.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793408/; classtype:trojan-activity;sid:84656508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793409)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"211.203.168.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793409/; classtype:trojan-activity;sid:84656509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793400)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"quar-c2.quartzhorizon.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793400/; classtype:trojan-activity;sid:84656500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.85.183.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2026_03_10; reference:url, urlhaus.abuse.ch/url/3793401/; classtype:trojan-activity;sid:84656501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.85.183.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793402/; classtype:trojan-activity;sid:84656502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.67.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793399/; classtype:trojan-activity;sid:84656499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.242.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793397/; classtype:trojan-activity;sid:84656497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.189.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793398/; classtype:trojan-activity;sid:84656498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793396)"; flow:established,from_client; content:"GET"; http_method; 
content:"/mahadzu/gigachad-grc/main/terraform/modules/redis/gigachad-grc-v3.3-alpha.1.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793396/; classtype:trojan-activity;sid:84656496; rev:1;)
# NOTE(review): sid:84656496 (above) and sid:84656495 (below) match the hosts
# raw.githubusercontent.com and github.com with an "alert http" rule. Those
# sites normally serve downloads over HTTPS, so the sensor presumably sees
# these requests only where TLS is decrypted upstream or a client first asks
# over plaintext HTTP. Confirm coverage, and consider proxy or endpoint logs
# for the same URL. Both hosts are shared platforms: the full-path match is
# what keeps these rules specific, so do not loosen them to host-only matches.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793395)"; flow:established,from_client; content:"GET"; http_method; content:"/pesanuntukanda/chatgpt-enterprise-premium-unlocked/raw/branch/scourwort/unlocked_chatgpt_premium_enterprise_1.9.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793395/; classtype:trojan-activity;sid:84656495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.151.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793394/; classtype:trojan-activity;sid:84656494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.126.86.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793393/; classtype:trojan-activity;sid:84656493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793392)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase;
content:"hx9-mv33.quartzhorizon.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793392/; classtype:trojan-activity;sid:84656492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.9.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793391/; classtype:trojan-activity;sid:84656491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793390)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"flow-x3.staticmotion.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793390/; classtype:trojan-activity;sid:84656490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793389)"; flow:established,from_client; content:"GET"; http_method; content:"/chfs/shared/dqwcsaa.jpg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"70.39.197.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793389/; classtype:trojan-activity;sid:84656489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793388)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"srv-p8.staticmotion.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793388/; classtype:trojan-activity;sid:84656488; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793387)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"stat-d6.staticmotion.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793387/; classtype:trojan-activity;sid:84656487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793386)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"jn2-bt04.staticmotion.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793386/; classtype:trojan-activity;sid:84656486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793385)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"auth-z1.motiongravity.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793385/; classtype:trojan-activity;sid:84656485; rev:1;)
# NOTE(review): sid:84656484 - the http_uri pattern below decodes to 38 bytes
# (each |xx| hex escape is a single byte), but depth is 53, which is the length
# of the escaped text. The other rules here set depth to the pattern's byte
# length, pinning it to the start of the buffer; this one may begin up to 15
# bytes into the URI and still match, provided the URI ends with it.
# The decoded bytes also contain literal "|26|" sequences, which looks like an
# already hex-escaped "&" that was escaped a second time - presumably a feed
# generator artefact; confirm against the URLhaus entry before relying on it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793384)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=qwwawpfmtxgxyjem"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"iqqppe36.cigarettecombin.digital"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793384/; classtype:trojan-activity;sid:84656484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793383)"; flow:established,from_client;
content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"web-k9.motiongravity.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793383/; classtype:trojan-activity;sid:84656483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.249.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793382/; classtype:trojan-activity;sid:84656482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.106.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793381/; classtype:trojan-activity;sid:84656481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793380)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"moti-u5.motiongravity.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793380/; classtype:trojan-activity;sid:84656480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793379)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cr4-xw90.motiongravity.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_10; 
reference:url, urlhaus.abuse.ch/url/3793379/; classtype:trojan-activity;sid:84656479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793378)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"data-f6.orbitcapture.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793378/; classtype:trojan-activity;sid:84656478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.249.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793377/; classtype:trojan-activity;sid:84656477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.229.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793376/; classtype:trojan-activity;sid:84656476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793375)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"edge-v3.orbitcapture.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793375/; classtype:trojan-activity;sid:84656475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793374)"; flow:established,from_client; 
content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.95.131.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793374/; classtype:trojan-activity;sid:84656474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793373)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"orbi-q7.orbitcapture.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793373/; classtype:trojan-activity;sid:84656473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.54.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793372/; classtype:trojan-activity;sid:84656472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.192.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793371/; classtype:trojan-activity;sid:84656471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.18.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793370/; 
classtype:trojan-activity;sid:84656470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.180.12.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793369/; classtype:trojan-activity;sid:84656469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793368)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"link-y5.vertexanchor.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793368/; classtype:trojan-activity;sid:84656468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793367)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"host-b1.vertexanchor.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793367/; classtype:trojan-activity;sid:84656467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.54.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793366/; classtype:trojan-activity;sid:84656466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.229.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793365/; classtype:trojan-activity;sid:84656465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793364)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"lp3-qv06.vertexanchor.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793364/; classtype:trojan-activity;sid:84656464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.192.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793363/; classtype:trojan-activity;sid:84656463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793362)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"core-t9.tensorfield.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793362/; classtype:trojan-activity;sid:84656462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.249.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793361/; classtype:trojan-activity;sid:84656461; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793360)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"main-p4.tensorfield.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793360/; classtype:trojan-activity;sid:84656460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793359)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tens-r8.tensorfield.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793359/; classtype:trojan-activity;sid:84656459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793356)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"bz1-gh55.tensorfield.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793356/; classtype:trojan-activity;sid:84656456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.120.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793357/; classtype:trojan-activity;sid:84656457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"112.242.48.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793358/; classtype:trojan-activity;sid:84656458; rev:1;)
# Reading these rules: every entry alerts on a cleartext HTTP GET from $HOME_NET to
# $EXTERNAL_NET and pairs one URI with one Host value. Each content match has a depth equal
# to its pattern length and is followed by isdataat:!1,relative, so both buffers must match
# in full; the nocase modifier follows the URI pattern and applies to it only.
# Coverage limits that follow from that: a request for the same path with anything appended
# (for example a query string), or the same download over TLS that the sensor cannot
# inspect, is not matched. Short paths such as "/i" or "/bin.sh" are specific only because
# of the paired Host match, so keep both conditions when tuning.
# metadata:created_at dates each rule and reference:url points at the URLhaus entry; many
# hosts here are bare IP addresses, so check the entry's current status when triaging an
# alert raised by an older rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.113.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793355/; classtype:trojan-activity;sid:84656455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.249.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793354/; classtype:trojan-activity;sid:84656454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.38.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793353/; classtype:trojan-activity;sid:84656453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.88.116.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793352/; classtype:trojan-activity;sid:84656452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.113.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793351/; classtype:trojan-activity;sid:84656451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.48.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793350/; classtype:trojan-activity;sid:84656450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.156.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793349/; classtype:trojan-activity;sid:84656449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.235.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793348/; classtype:trojan-activity;sid:84656448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793347)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"root-x2.metricfusion.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793347/; classtype:trojan-activity;sid:84656447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.84.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793346/; classtype:trojan-activity;sid:84656446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793345)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"metr-k44.metricfusion.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793345/; classtype:trojan-activity;sid:84656445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.84.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793344/; classtype:trojan-activity;sid:84656444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.88.116.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793343/; classtype:trojan-activity;sid:84656443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.5.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793342/; classtype:trojan-activity;sid:84656442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.156.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793341/; classtype:trojan-activity;sid:84656441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.55.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793340/; classtype:trojan-activity;sid:84656440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.106.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793339/; classtype:trojan-activity;sid:84656439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.55.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793338/; classtype:trojan-activity;sid:84656438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.77.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793337/; classtype:trojan-activity;sid:84656437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793336)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"serv-z9.metricfusion.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793336/; classtype:trojan-activity;sid:84656436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.30.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793335/; classtype:trojan-activity;sid:84656435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793334)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"local-s1.patternshadow.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793334/; classtype:trojan-activity;sid:84656434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.148.184.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793333/; classtype:trojan-activity;sid:84656433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.106.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793332/; classtype:trojan-activity;sid:84656432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.249.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793331/; classtype:trojan-activity;sid:84656431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.149.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793330/; classtype:trojan-activity;sid:84656430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793329)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"patt-f21.patternshadow.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793329/; classtype:trojan-activity;sid:84656429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793328)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dist-mx5.patternshadow.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793328/; classtype:trojan-activity;sid:84656428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.203.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793327/; classtype:trojan-activity;sid:84656427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.203.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793326/; classtype:trojan-activity;sid:84656426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.197.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793325/; classtype:trojan-activity;sid:84656425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.80.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793324/; classtype:trojan-activity;sid:84656424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.215.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793323/; classtype:trojan-activity;sid:84656423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793322)"; flow:established,from_client; content:"GET"; http_method; content:"/data.mipsel-uclibc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"5.175.223.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793322/; classtype:trojan-activity;sid:84656422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"108.168.10.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793321/; classtype:trojan-activity;sid:84656421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.80.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793320/; classtype:trojan-activity;sid:84656420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.50.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793319/; classtype:trojan-activity;sid:84656419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.149.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793318/; classtype:trojan-activity;sid:84656418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.245.107.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793317/; classtype:trojan-activity;sid:84656417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.240.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793316/; classtype:trojan-activity;sid:84656416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.226.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793315/; classtype:trojan-activity;sid:84656415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.226.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793314/; classtype:trojan-activity;sid:84656414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793313)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/cool.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793313/; classtype:trojan-activity;sid:84656413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.215.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793312/; classtype:trojan-activity;sid:84656412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793311)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"term-sync.vibratronic.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793311/; classtype:trojan-activity;sid:84656411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.62.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793310/; classtype:trojan-activity;sid:84656410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793309)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vibr-v08.vibratronic.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793309/; classtype:trojan-activity;sid:84656409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"108.168.10.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793308/; classtype:trojan-activity;sid:84656408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.226.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793307/; classtype:trojan-activity;sid:84656407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.180.12.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793306/; classtype:trojan-activity;sid:84656406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.48.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793305/; classtype:trojan-activity;sid:84656405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793304)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"main-peak.obsidianix.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793304/; classtype:trojan-activity;sid:84656404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793303/; classtype:trojan-activity;sid:84656403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.48.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793302/; classtype:trojan-activity;sid:84656402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793301)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vult-hub.spectrometric.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793301/; classtype:trojan-activity;sid:84656401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793300/; classtype:trojan-activity;sid:84656400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.221.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793299/; classtype:trojan-activity;sid:84656399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.50.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793298/; classtype:trojan-activity;sid:84656398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.80.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793297/; classtype:trojan-activity;sid:84656397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.221.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793296/; classtype:trojan-activity;sid:84656396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793295)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"quan-v3.quantovault.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793295/; classtype:trojan-activity;sid:84656395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793294)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"alti-flow.altimetrica.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793294/; classtype:trojan-activity;sid:84656394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.30.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793293/; classtype:trojan-activity;sid:84656393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793292)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cent-base.centurionix.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793292/; classtype:trojan-activity;sid:84656392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793291)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"171.25.158.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793291/; classtype:trojan-activity;sid:84656391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793290)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"171.25.158.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793290/; classtype:trojan-activity;sid:84656390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793280)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"171.25.158.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793280/; classtype:trojan-activity;sid:84656380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793281)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"171.25.158.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793281/; classtype:trojan-activity;sid:84656381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793282)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"171.25.158.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793282/; classtype:trojan-activity;sid:84656382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793283)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"171.25.158.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793283/; classtype:trojan-activity;sid:84656383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793284)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"171.25.158.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793284/; classtype:trojan-activity;sid:84656384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793285)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"171.25.158.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793285/; classtype:trojan-activity;sid:84656385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793286)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"171.25.158.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793286/; classtype:trojan-activity;sid:84656386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793287)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"171.25.158.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793287/; classtype:trojan-activity;sid:84656387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793288)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"171.25.158.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793288/; classtype:trojan-activity;sid:84656388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793289)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"171.25.158.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793289/; classtype:trojan-activity;sid:84656389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793278)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"171.25.158.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793278/; classtype:trojan-activity;sid:84656378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793279)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"171.25.158.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793279/; classtype:trojan-activity;sid:84656379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793277)"; flow:established,from_client; content:"GET"; http_method; content:"/tr064"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"171.25.158.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793277/; classtype:trojan-activity;sid:84656377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793276)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"syst-node.centurionix.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793276/; classtype:trojan-activity;sid:84656376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793275)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"stru-run.structovista.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793275/; classtype:trojan-activity;sid:84656375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.40.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793274/; classtype:trojan-activity;sid:84656374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.187.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793273/; classtype:trojan-activity;sid:84656373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793272)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"link-net.structovista.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793272/; classtype:trojan-activity;sid:84656372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.42.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793271/; classtype:trojan-activity;sid:84656371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793270)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"stru-v77.structovista.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793270/; classtype:trojan-activity;sid:84656370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.42.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793269/; classtype:trojan-activity;sid:84656369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793268)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"link-node.structovista.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793268/; classtype:trojan-activity;sid:84656368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.60.252.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793267/; classtype:trojan-activity;sid:84656367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793266)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"gala-net.galactoview.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793266/; classtype:trojan-activity;sid:84656366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793265)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tech-base.galactoview.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793265/; classtype:trojan-activity;sid:84656365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.187.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793264/; classtype:trojan-activity;sid:84656364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.65.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793263/; classtype:trojan-activity;sid:84656363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.209.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793262/; classtype:trojan-activity;sid:84656362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.131.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793261/; classtype:trojan-activity;sid:84656361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.252.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793260/; classtype:trojan-activity;sid:84656360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3793259)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"gala-v11.galactoview.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793259/; classtype:trojan-activity;sid:84656359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.4.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793258/; classtype:trojan-activity;sid:84656358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.207.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793257/; classtype:trojan-activity;sid:84656357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.7.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793256/; classtype:trojan-activity;sid:84656356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793255)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tech-ref.galactoview.in.net"; http_host; depth:27; isdataat:!1,relative; 
metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793255/; classtype:trojan-activity;sid:84656355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793254)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sync-unit.synchromesh.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793254/; classtype:trojan-activity;sid:84656354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.136.85.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793253/; classtype:trojan-activity;sid:84656353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793252)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"flow-gate.synchromesh.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793252/; classtype:trojan-activity;sid:84656352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793251)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sync-v09.synchromesh.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793251/; classtype:trojan-activity;sid:84656351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3793250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.131.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793250/; classtype:trojan-activity;sid:84656350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.65.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793249/; classtype:trojan-activity;sid:84656349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793248)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vibr-flow.vibratronic.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793248/; classtype:trojan-activity;sid:84656348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.65.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793247/; classtype:trojan-activity;sid:84656347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.73.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; 
reference:url, urlhaus.abuse.ch/url/3793246/; classtype:trojan-activity;sid:84656346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.126.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793245/; classtype:trojan-activity;sid:84656345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.92.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793244/; classtype:trojan-activity;sid:84656344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.7.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793243/; classtype:trojan-activity;sid:84656343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.217.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793242/; classtype:trojan-activity;sid:84656342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793241)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; 
depth:20; isdataat:!1,relative; nocase; content:"term-way.vibratronic.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793241/; classtype:trojan-activity;sid:84656341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793240)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"obsi-base.obsidianix.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793240/; classtype:trojan-activity;sid:84656340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.228.249.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793238/; classtype:trojan-activity;sid:84656338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.228.249.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793239/; classtype:trojan-activity;sid:84656339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.199.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793237/; classtype:trojan-activity;sid:84656337; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793236)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"main-sys.obsidianix.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793236/; classtype:trojan-activity;sid:84656336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.191.72.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793235/; classtype:trojan-activity;sid:84656335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.92.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793234/; classtype:trojan-activity;sid:84656334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793233)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"obsi-v6.obsidianix.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793233/; classtype:trojan-activity;sid:84656333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"182.113.207.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793232/; classtype:trojan-activity;sid:84656332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793231)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"spec-node.spectrometric.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793231/; classtype:trojan-activity;sid:84656331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.73.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793230/; classtype:trojan-activity;sid:84656330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793229)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"spec-v05.spectrometric.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793229/; classtype:trojan-activity;sid:84656329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793228)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=gmxbhvrdbsaioizj"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"f0fjv96k.demogsystemat.digital"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793228/; 
classtype:trojan-activity;sid:84656328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.211.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793227/; classtype:trojan-activity;sid:84656327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.245.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793226/; classtype:trojan-activity;sid:84656326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793225)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vult-vault.spectrometric.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793225/; classtype:trojan-activity;sid:84656325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793224)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"prim-data.primordialis.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793224/; classtype:trojan-activity;sid:84656324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; 
http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.25.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793223/; classtype:trojan-activity;sid:84656323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.196.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793222/; classtype:trojan-activity;sid:84656322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793221)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"prim-v44.primordialis.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793221/; classtype:trojan-activity;sid:84656321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.196.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793220/; classtype:trojan-activity;sid:84656320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793219)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"logic-core.primordialis.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793219/; 
classtype:trojan-activity;sid:84656319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793218)"; flow:established,from_client; content:"GET"; http_method; content:"/sodal"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.211.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793218/; classtype:trojan-activity;sid:84656318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.163.184.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793217/; classtype:trojan-activity;sid:84656317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793216)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"quan-edge.quantovault.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793216/; classtype:trojan-activity;sid:84656316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.94.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793215/; classtype:trojan-activity;sid:84656315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793214)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; 
isdataat:!1,relative; nocase; content:"data-unit.quantovault.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793214/; classtype:trojan-activity;sid:84656314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.25.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793213/; classtype:trojan-activity;sid:84656313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.68.162.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793212/; classtype:trojan-activity;sid:84656312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.51.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793211/; classtype:trojan-activity;sid:84656311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793210)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"data-gate.quantovault.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793210/; classtype:trojan-activity;sid:84656310; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.228.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793209/; classtype:trojan-activity;sid:84656309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793208)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"infra-net.altimetrica.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793208/; classtype:trojan-activity;sid:84656308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793207)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"alti-v12.altimetrica.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793207/; classtype:trojan-activity;sid:84656307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.68.162.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793206/; classtype:trojan-activity;sid:84656306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.31.174"; 
http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793205/; classtype:trojan-activity;sid:84656305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.51.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793204/; classtype:trojan-activity;sid:84656304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.114.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793203/; classtype:trojan-activity;sid:84656303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793202)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"infra-hub.altimetrica.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793202/; classtype:trojan-activity;sid:84656302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.114.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793201/; classtype:trojan-activity;sid:84656301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3793200)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"syst-sync.centurionix.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793200/; classtype:trojan-activity;sid:84656300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793199)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cent-v01.centurionix.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793199/; classtype:trojan-activity;sid:84656299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.31.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793198/; classtype:trojan-activity;sid:84656298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793197)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"syncryp.bestink.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793197/; classtype:trojan-activity;sid:84656297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793196)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ch3c-line.bestink.in.net"; http_host; 
depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793196/; classtype:trojan-activity;sid:84656296; rev:1;)
# ---------------------------------------------------------------------------
# Reviewer notes for the rules that follow (they all share one generated template).
#
# What a rule matches: an HTTP GET sent from $HOME_NET to $EXTERNAL_NET
# (flow:established,from_client) whose URI is the listed path and whose Host is
# the listed value. In every rule depth:N equals the length of the content
# string and isdataat:!1,relative requires that no byte follows the match, so
# each content is an exact whole-buffer comparison, not a substring search.
# nocase is attached to the URI content only.
#
# Points to keep in mind when deploying or triaging:
# - Exact matching: a request for the same path with anything appended (for
#   example a query string) is not expected to match -- confirm against the
#   engine's URI normalisation.
# - The rules use the http protocol keyword, so they only see traffic the
#   sensor parses as cleartext HTTP; the same URL fetched over TLS needs
#   other telemetry (proxy, DNS or TLS logs).
# - An alert records that an internal client requested the URL. It does not
#   show that a payload was returned or run; check the HTTP response and
#   endpoint data before escalating.
# - Hosts are listed one per rule. The same Host recurs under several SIDs
#   with different paths (e.g. 158.94.211.222), and many hostnames share one
#   path ("/verification.google"), so group alerts by destination when
#   scoping, and expect sibling hostnames not listed here to go unmatched.
# - metadata:created_at and reference:url identify the URLhaus entry; use
#   them to check whether an indicator is still current.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.203.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793195/; classtype:trojan-activity;sid:84656295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793194)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"u1tr5-bridge.lookback.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793194/; classtype:trojan-activity;sid:84656294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.247.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793193/; classtype:trojan-activity;sid:84656293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.163.184.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793192/; classtype:trojan-activity;sid:84656292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793191)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sp4rrow-phase.lookback.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793191/; classtype:trojan-activity;sid:84656291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.1.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793190/; classtype:trojan-activity;sid:84656290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793189)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"eaec4m.droplast.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793189/; classtype:trojan-activity;sid:84656289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.92.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793188/; classtype:trojan-activity;sid:84656288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793187)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dark-shi.droplast.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793187/; classtype:trojan-activity;sid:84656287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.84.215.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793186/; classtype:trojan-activity;sid:84656286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793185)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"reel-tok.costfee.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793185/; classtype:trojan-activity;sid:84656285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.76.224.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793184/; classtype:trojan-activity;sid:84656284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.67.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793183/; classtype:trojan-activity;sid:84656283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793182)"; flow:established,from_client; content:"GET"; http_method; content:"/files/825476364/6hmd4pg.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793182/; classtype:trojan-activity;sid:84656282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793181)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8538310255/ouxs217.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793181/; classtype:trojan-activity;sid:84656281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.1.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793180/; classtype:trojan-activity;sid:84656280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.92.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793179/; classtype:trojan-activity;sid:84656279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.19.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793178/; classtype:trojan-activity;sid:84656278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.67.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793177/; classtype:trojan-activity;sid:84656277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.241.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793176/; classtype:trojan-activity;sid:84656276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793175)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"deal1-point.greentea.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793175/; classtype:trojan-activity;sid:84656275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.76.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793174/; classtype:trojan-activity;sid:84656274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.157.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793173/; classtype:trojan-activity;sid:84656273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793172)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"guid-route.greentea.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793172/; classtype:trojan-activity;sid:84656272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.76.224.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793171/; classtype:trojan-activity;sid:84656271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.231.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793169/; classtype:trojan-activity;sid:84656269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.2.39"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793170/; classtype:trojan-activity;sid:84656270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793168)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"render5-line.wayton.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793168/; classtype:trojan-activity;sid:84656268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793167)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"faitdem.wayton.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793167/; classtype:trojan-activity;sid:84656267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.19.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793166/; classtype:trojan-activity;sid:84656266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.68.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793165/; classtype:trojan-activity;sid:84656265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793164)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"transmfield.wayton.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793164/; classtype:trojan-activity;sid:84656264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.76.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793163/; classtype:trojan-activity;sid:84656263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793162)"; flow:established,from_client; content:"GET"; http_method; content:"/download/gitlol"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.59.119.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793162/; classtype:trojan-activity;sid:84656262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793161)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"quin-net.quintura.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793161/; classtype:trojan-activity;sid:84656261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.2.39"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793160/; classtype:trojan-activity;sid:84656260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.231.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793159/; classtype:trojan-activity;sid:84656259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793158)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tech-base.quintura.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793158/; classtype:trojan-activity;sid:84656258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793157)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"quin-v11.quintura.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793157/; classtype:trojan-activity;sid:84656257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793156)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tech-ref.quintura.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793156/; classtype:trojan-activity;sid:84656256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793155)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"spec-unit.spectris.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793155/; classtype:trojan-activity;sid:84656255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793154)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8538310255/aot9qrm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793154/; classtype:trojan-activity;sid:84656254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793153)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"link-gate.spectris.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793153/; classtype:trojan-activity;sid:84656253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793152)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"spec-v09.spectris.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793152/; classtype:trojan-activity;sid:84656252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793151)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"link-logic.spectris.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793151/; classtype:trojan-activity;sid:84656251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.95.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793150/; classtype:trojan-activity;sid:84656250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.133.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793149/; classtype:trojan-activity;sid:84656249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793148)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vibr-flow.vibrante.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793148/; classtype:trojan-activity;sid:84656248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793147)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"term-sync.vibrante.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793147/; classtype:trojan-activity;sid:84656247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793146)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vibr-v08.vibrante.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793146/; classtype:trojan-activity;sid:84656246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793145)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"term-way.vibrante.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793145/; classtype:trojan-activity;sid:84656245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.92.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793144/; classtype:trojan-activity;sid:84656244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793143)"; flow:established,from_client; content:"GET"; http_method; content:"/static/plugin3.plg"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"marsalek.cy"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793143/; classtype:trojan-activity;sid:84656243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.38.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793142/; classtype:trojan-activity;sid:84656242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793141)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"flux-run.fluxoris.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793141/; classtype:trojan-activity;sid:84656241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793140)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"site-net.fluxoris.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793140/; classtype:trojan-activity;sid:84656240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.158.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793139/; classtype:trojan-activity;sid:84656239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.240.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793138/; classtype:trojan-activity;sid:84656238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793137)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"flux-v77.fluxoris.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793137/; classtype:trojan-activity;sid:84656237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793136)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/fyf2bhv.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793136/; classtype:trojan-activity;sid:84656236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793135)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"site-node.fluxoris.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793135/; classtype:trojan-activity;sid:84656235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.158.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793134/; classtype:trojan-activity;sid:84656234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.95.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793133/; classtype:trojan-activity;sid:84656233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793132)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"orbi-base.orbisura.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793132/; classtype:trojan-activity;sid:84656232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.240.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793131/; classtype:trojan-activity;sid:84656231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793130)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"main-sys.orbisura.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793130/; classtype:trojan-activity;sid:84656230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793129)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/coral_setup.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"qpgroup.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793129/; classtype:trojan-activity;sid:84656229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793128)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"orbi-v6.orbisura.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793128/; classtype:trojan-activity;sid:84656228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.131.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793127/; classtype:trojan-activity;sid:84656227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793126)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"main-peak.orbisura.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793126/; classtype:trojan-activity;sid:84656226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793125)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"zent-node.zentalis.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793125/; classtype:trojan-activity;sid:84656225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.142.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793124/; classtype:trojan-activity;sid:84656224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793123)"; flow:established,from_client; content:"GET"; http_method; content:"/img_085359.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cocinanikkei.com.pe"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793123/; classtype:trojan-activity;sid:84656223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793122)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"bit-hub.zentalis.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793122/; classtype:trojan-activity;sid:84656222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.222.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793121/; classtype:trojan-activity;sid:84656221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793120)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.89.238.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793120/; classtype:trojan-activity;sid:84656220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793119)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"zent-v05.zentalis.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793119/; classtype:trojan-activity;sid:84656219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793118)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7093422244/jhvhyiz.msi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793118/; classtype:trojan-activity;sid:84656218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.131.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793117/; classtype:trojan-activity;sid:84656217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.121.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793116/; classtype:trojan-activity;sid:84656216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793115)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"bit-vault.zentalis.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793115/; classtype:trojan-activity;sid:84656215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.228.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793114/; classtype:trojan-activity;sid:84656214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793113)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"nexu-data.nexulon.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793113/; classtype:trojan-activity;sid:84656213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.76.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793112/; classtype:trojan-activity;sid:84656212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793111)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dist-sync.nexulon.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793111/; classtype:trojan-activity;sid:84656211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793110)"; flow:established,from_client; content:"GET"; http_method; content:"/cyrex.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"sfrc.ckmo.live"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793110/; classtype:trojan-activity;sid:84656210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.149.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793109/; classtype:trojan-activity;sid:84656209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793108)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"nexu-v44.nexulon.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793108/; classtype:trojan-activity;sid:84656208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.222.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793107/; classtype:trojan-activity;sid:84656207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793106)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dist-core.nexulon.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793106/; classtype:trojan-activity;sid:84656206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793105)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.76.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793105/; classtype:trojan-activity;sid:84656205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.228.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793104/; classtype:trojan-activity;sid:84656204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793103)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dyna-edge.dynastis.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793103/; classtype:trojan-activity;sid:84656203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.35.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793102/; classtype:trojan-activity;sid:84656202; rev:1;)
# NOTE(review): the http_uri content of the next rule decodes to the 38 bytes
# "/?=check|26||26|actmn=gqfqtoxxmlhlfmlo" (|3f| is "?", |7c| is a literal "|"),
# while depth is 53, which is the character count of the escaped literal, not of
# the decoded bytes. With depth larger than the pattern, the match is no longer
# pinned to the start of the URI: up to 15 leading bytes are tolerated.
# The "|7c|26|7c|" runs look like a hex-escaped "&" (|26|) whose pipes were escaped
# a second time; if so, a request carrying "&" at those positions does not match
# and the rule is a silent detection gap. Confirm against the URLhaus entry before
# relying on it. sid:84656151 has the same shape.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793101)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=gqfqtoxxmlhlfmlo"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"8r6d1s3j.cheesechubary.digital"; http_host; depth:30; isdataat:!1,relative; 
metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793101/; classtype:trojan-activity;sid:84656201; rev:1;)
# NOTE(review): each "/verification.google" rule matches one exact host name: depth
# equals the host length and isdataat:!1,relative forbids any trailing byte. The
# three rules below list sibling subdomains of the same parent (dynastis.in.net),
# so a sibling that is not yet in the feed is not covered by any of these sids.
# When hunting, pivot in proxy/DNS logs on the parent domain together with this
# URI instead of relying on the per-host rules alone.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793100)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ops-unit.dynastis.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793100/; classtype:trojan-activity;sid:84656200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793099)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dyna-v3.dynastis.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793099/; classtype:trojan-activity;sid:84656199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793098)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ops-gate.dynastis.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793098/; classtype:trojan-activity;sid:84656198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793097)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.131.182.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793097/; classtype:trojan-activity;sid:84656197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3793096)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kron-flow.kronosis.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793096/; classtype:trojan-activity;sid:84656196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.35.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793095/; classtype:trojan-activity;sid:84656195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793094)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/ek789km.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793094/; classtype:trojan-activity;sid:84656194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793093)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"alt-net.kronosis.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793093/; classtype:trojan-activity;sid:84656193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793092)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kron-v12.kronosis.in.net"; http_host; 
depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793092/; classtype:trojan-activity;sid:84656192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793091)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"alt-hub.kronosis.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793091/; classtype:trojan-activity;sid:84656191; rev:1;)
# NOTE(review): the next three rules pin one path on a shared hosting service
# (pastes.io, raw.githubusercontent.com). The host on its own is not an indicator:
# keep the URI condition when deriving blocklist entries from these sids, or
# unrelated content on the same host is caught as well.
# They are "alert http" rules, so they fire only where the sensor sees the request
# in cleartext. If clients reach these hosts over TLS (likely, verify for your
# environment), coverage depends on TLS inspection upstream of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793090)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/0qc9jnhs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastes.io"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793090/; classtype:trojan-activity;sid:84656190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793089)"; flow:established,from_client; content:"GET"; http_method; content:"/dunigghhh/hii/refs/heads/main/server.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793089/; classtype:trojan-activity;sid:84656189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793088)"; flow:established,from_client; content:"GET"; http_method; content:"/dunigghhh/hii/refs/heads/main/asd.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793088/; classtype:trojan-activity;sid:84656188; rev:1;)
alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.206.207.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793087/; classtype:trojan-activity;sid:84656187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793086)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8290342669/sbd1ils.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793086/; classtype:trojan-activity;sid:84656186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793085)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"veri-base.veritax.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793085/; classtype:trojan-activity;sid:84656185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793084)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"prim-sync.veritax.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793084/; classtype:trojan-activity;sid:84656184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793083)"; flow:established,from_client; content:"GET"; http_method; content:"/cs12.exe"; http_uri; depth:9; isdataat:!1,relative; 
nocase; content:"xf221.cn"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793083/; classtype:trojan-activity;sid:84656183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.65.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793082/; classtype:trojan-activity;sid:84656182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793081)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"veri-v01.veritax.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793081/; classtype:trojan-activity;sid:84656181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793080)"; flow:established,from_client; content:"GET"; http_method; content:"/freks.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.60.226.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793080/; classtype:trojan-activity;sid:84656180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793079)"; flow:established,from_client; content:"GET"; http_method; content:"/loader1.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"47.80.11.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793079/; classtype:trojan-activity;sid:84656179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3793078)"; flow:established,from_client; content:"GET"; http_method; content:"/peer.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"188.241.219.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793078/; classtype:trojan-activity;sid:84656178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793077)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"prim-node.veritax.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793077/; classtype:trojan-activity;sid:84656177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793076)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"columnreel.slowbend.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793076/; classtype:trojan-activity;sid:84656176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793075)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.206.207.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793075/; classtype:trojan-activity;sid:84656175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793074)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8290342669/sbd1ils.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793074/; classtype:trojan-activity;sid:84656174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.155.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793073/; classtype:trojan-activity;sid:84656173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793072)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iqdrq.slowbend.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793072/; classtype:trojan-activity;sid:84656172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.65.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793071/; classtype:trojan-activity;sid:84656171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793070)"; flow:established,from_client; content:"GET"; http_method; content:"/cache.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.137.224.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793070/; classtype:trojan-activity;sid:84656170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3793069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.19.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793069/; classtype:trojan-activity;sid:84656169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793068)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"s0lid-leaf.slowbend.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793068/; classtype:trojan-activity;sid:84656168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793067)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"warmgrim.slowbend.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793067/; classtype:trojan-activity;sid:84656167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.19.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793066/; classtype:trojan-activity;sid:84656166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.15.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; 
reference:url, urlhaus.abuse.ch/url/3793065/; classtype:trojan-activity;sid:84656165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.238.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793064/; classtype:trojan-activity;sid:84656164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.177.107.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793063/; classtype:trojan-activity;sid:84656163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.155.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793062/; classtype:trojan-activity;sid:84656162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.120.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793061/; classtype:trojan-activity;sid:84656161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793060)"; flow:established,from_client; content:"GET"; http_method; 
content:"/ghlohhkdpumwzf161.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"192.3.136.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793060/; classtype:trojan-activity;sid:84656160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793059)"; flow:established,from_client; content:"GET"; http_method; content:"/tcdvnymiveautdnohjsys139.bin"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"192.3.136.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793059/; classtype:trojan-activity;sid:84656159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.6.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793058/; classtype:trojan-activity;sid:84656158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793057)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"letcurre.windright.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793057/; classtype:trojan-activity;sid:84656157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793056)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"unload-bridge.windright.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, 
urlhaus.abuse.ch/url/3793056/; classtype:trojan-activity;sid:84656156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.7.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793055/; classtype:trojan-activity;sid:84656155; rev:1;)
# NOTE(review): the next two rules flag paths ending in ".png" as malware download
# URLs. The extension in the request says nothing about the bytes returned, so do
# not suppress these sids or exempt image extensions from content inspection when
# tuning; check the response body or the URLhaus entry to see what was served.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793054)"; flow:established,from_client; content:"GET"; http_method; content:"/rv2n/optimized_msi.png"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"pngup.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793054/; classtype:trojan-activity;sid:84656154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793053)"; flow:established,from_client; content:"GET"; http_method; content:"/img_094738.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cocinanikkei.com.pe"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793053/; classtype:trojan-activity;sid:84656153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.136.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793052/; classtype:trojan-activity;sid:84656152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793051)"; flow:established,from_client; content:"GET"; http_method; 
content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=pqgivlyiagdglkgg"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"6h76gr0n.diagnosfirst.digital"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793051/; classtype:trojan-activity;sid:84656151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.100.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793050/; classtype:trojan-activity;sid:84656150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.168.137.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793049/; classtype:trojan-activity;sid:84656149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793048)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"lknz.windright.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793048/; classtype:trojan-activity;sid:84656148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.156.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793047/; 
classtype:trojan-activity;sid:84656147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793046)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"r3nder-switch.windright.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793046/; classtype:trojan-activity;sid:84656146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.100.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793045/; classtype:trojan-activity;sid:84656145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793044)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7903503838/kupexhy.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793044/; classtype:trojan-activity;sid:84656144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.6.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793043/; classtype:trojan-activity;sid:84656143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; 
http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.181.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793042/; classtype:trojan-activity;sid:84656142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793041)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"stri5-reach.spinpath.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793041/; classtype:trojan-activity;sid:84656141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.90.123.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793040/; classtype:trojan-activity;sid:84656140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793039)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"repairdefend.spinpath.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793039/; classtype:trojan-activity;sid:84656139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.7.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793038/; classtype:trojan-activity;sid:84656138; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.80.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793037/; classtype:trojan-activity;sid:84656137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793036)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"quorlithix3.spinpath.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793036/; classtype:trojan-activity;sid:84656136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.156.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793035/; classtype:trojan-activity;sid:84656135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.168.137.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793034/; classtype:trojan-activity;sid:84656134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"110.39.231.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793033/; classtype:trojan-activity;sid:84656133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793032)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7942715918/otrd45b.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793032/; classtype:trojan-activity;sid:84656132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.231.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793031/; classtype:trojan-activity;sid:84656131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793030)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"valu-crest.spinpath.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793030/; classtype:trojan-activity;sid:84656130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.41.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793029/; classtype:trojan-activity;sid:84656129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3793028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.88.136.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793028/; classtype:trojan-activity;sid:84656128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793027)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"neo-gu1de.rollbend.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793027/; classtype:trojan-activity;sid:84656127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793026)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"velline5en.rollbend.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793026/; classtype:trojan-activity;sid:84656126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793025)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"b74nufw.rollbend.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793025/; classtype:trojan-activity;sid:84656125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.214.134"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793024/; classtype:trojan-activity;sid:84656124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793023)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"gaydkonx.fullgate.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793023/; classtype:trojan-activity;sid:84656123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.77.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793022/; classtype:trojan-activity;sid:84656122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.177.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793021/; classtype:trojan-activity;sid:84656121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.123.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793020/; classtype:trojan-activity;sid:84656120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3793019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.214.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793019/; classtype:trojan-activity;sid:84656119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793018)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"queuemarsh.fullgate.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793018/; classtype:trojan-activity;sid:84656118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.195.7.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793017/; classtype:trojan-activity;sid:84656117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793016)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hyrfnqqh.fullgate.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793016/; classtype:trojan-activity;sid:84656116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"170.0.60.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_09; 
reference:url, urlhaus.abuse.ch/url/3793015/; classtype:trojan-activity;sid:84656115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.41.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793014/; classtype:trojan-activity;sid:84656114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793013)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"1ago-plate.blackford.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793013/; classtype:trojan-activity;sid:84656113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793012)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mossoak.blackford.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793012/; classtype:trojan-activity;sid:84656112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.55.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793011/; classtype:trojan-activity;sid:84656111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793010)"; flow:established,from_client; 
content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"oute2-grid.blackford.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793010/; classtype:trojan-activity;sid:84656110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.177.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793009/; classtype:trojan-activity;sid:84656109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.0.60.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793008/; classtype:trojan-activity;sid:84656108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.82.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793007/; classtype:trojan-activity;sid:84656107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793006)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"reel-mount.toolbend.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, 
urlhaus.abuse.ch/url/3793006/; classtype:trojan-activity;sid:84656106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.82.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793005/; classtype:trojan-activity;sid:84656105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.195.7.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793004/; classtype:trojan-activity;sid:84656104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793003)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"guardtrans.toolbend.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793003/; classtype:trojan-activity;sid:84656103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.163.68.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793002/; classtype:trojan-activity;sid:84656102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; 
http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.80.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793001/; classtype:trojan-activity;sid:84656101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793000)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"prrnftoa.toolbend.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793000/; classtype:trojan-activity;sid:84656100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792999)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"carrierstream.toolbend.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792999/; classtype:trojan-activity;sid:84656099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792998)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"jfjoj.askloop.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792998/; classtype:trojan-activity;sid:84656098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792997)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tri-fluxor.askloop.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, 
urlhaus.abuse.ch/url/3792997/; classtype:trojan-activity;sid:84656097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.203.224.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792996/; classtype:trojan-activity;sid:84656096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792995)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dev-moral.askloop.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792995/; classtype:trojan-activity;sid:84656095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.128.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792994/; classtype:trojan-activity;sid:84656094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.203.224.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792993/; classtype:trojan-activity;sid:84656093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792992)"; flow:established,from_client; content:"GET"; http_method; content:"/139h8d/ldx"; 
http_uri; depth:11; isdataat:!1,relative; nocase; content:"transfer.weepee.io"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792992/; classtype:trojan-activity;sid:84656092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792991)"; flow:established,from_client; content:"GET"; http_method; content:"/mvsx6/super.drx"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"transfer.weepee.io"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792991/; classtype:trojan-activity;sid:84656091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792990)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mox-net.moxura.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792990/; classtype:trojan-activity;sid:84656090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792989)"; flow:established,from_client; content:"GET"; http_method; content:"/7nzw7/blue.drx"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"transfer.weepee.io"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792989/; classtype:trojan-activity;sid:84656089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.128.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792988/; 
classtype:trojan-activity;sid:84656088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.55.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792987/; classtype:trojan-activity;sid:84656087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.84.214.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792986/; classtype:trojan-activity;sid:84656086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.142.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792985/; classtype:trojan-activity;sid:84656085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792984)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tech-base.moxura.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792984/; classtype:trojan-activity;sid:84656084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; 
nocase; content:"110.37.115.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792983/; classtype:trojan-activity;sid:84656083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792982)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mox-v11.moxura.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792982/; classtype:trojan-activity;sid:84656082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792981)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tech-ref.moxura.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792981/; classtype:trojan-activity;sid:84656081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792979)"; flow:established,from_client; content:"GET"; http_method; content:"/p"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792979/; classtype:trojan-activity;sid:84656079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792980)"; flow:established,from_client; content:"GET"; http_method; content:"/busybox"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792980/; classtype:trojan-activity;sid:84656080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3792978)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"astro-unit.astronis.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792978/; classtype:trojan-activity;sid:84656078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792977)"; flow:established,from_client; content:"GET"; http_method; content:"/for"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792977/; classtype:trojan-activity;sid:84656077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792976)"; flow:established,from_client; content:"GET"; http_method; content:"/cron.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792976/; classtype:trojan-activity;sid:84656076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792975)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"link-gate.astronis.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792975/; classtype:trojan-activity;sid:84656075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.208.95"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792974/; classtype:trojan-activity;sid:84656074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792973)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"astro-v09.astronis.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792973/; classtype:trojan-activity;sid:84656073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.175.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792972/; classtype:trojan-activity;sid:84656072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792971)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"link-logic.astronis.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792971/; classtype:trojan-activity;sid:84656071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.115.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792970/; classtype:trojan-activity;sid:84656070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3792969)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"niv-flow.niventa.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792969/; classtype:trojan-activity;sid:84656069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792968)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"term-sync.niventa.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792968/; classtype:trojan-activity;sid:84656068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.217.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792943/; classtype:trojan-activity;sid:84656043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792942)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"niv-v08.niventa.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792942/; classtype:trojan-activity;sid:84656042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792941)"; flow:established,from_client; content:"GET"; http_method; content:"/camunlock/silentum-spoofer/raw/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:68; isdataat:!1,relative; 
nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792941/; classtype:trojan-activity;sid:84656041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792940)"; flow:established,from_client; content:"GET"; http_method; content:"/camunlock/silentum-spoofer/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792940/; classtype:trojan-activity;sid:84656040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792939)"; flow:established,from_client; content:"GET"; http_method; content:"/exapikemanupgrade83/world-of-tanks-external/releases/download/new/wot-cheat-5.2.2-win64.rar"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792939/; classtype:trojan-activity;sid:84656039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.175.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792938/; classtype:trojan-activity;sid:84656038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792937)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/cllco4g.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; 
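reference:url, urlhaus.abuse.ch/url/3792937/; classtype:trojan-activity;sid:84656037; rev:1;)
# The rules below alert on an outbound HTTP GET (HOME_NET -> EXTERNAL_NET, client side of an
# established flow) whose URI and Host header both equal one URLhaus entry. In each rule,
# depth:<pattern length> pins the pattern to the start of the buffer and isdataat:!1,relative
# requires that no byte follows it, so together they make an exact, case-insensitive match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792936)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"term-way.niventa.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792936/; classtype:trojan-activity;sid:84656036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792935)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"terr-run.terravia.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792935/; classtype:trojan-activity;sid:84656035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.30.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792934/; classtype:trojan-activity;sid:84656034; rev:1;)
# sid 84656033: the URI pattern contains hex escapes (|3f|, |7c|), each of which decodes to a
# single byte, so the pattern is 38 bytes long. The feed shipped depth:53, which is the length of
# the escaped rule text; that let the pattern begin up to 15 bytes into the URI instead of at
# offset 0. depth:38 restores the same exact-match anchoring the neighbouring rules have.
# This is a local correction to a generated rule and will be overwritten by the next feed update.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792933)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=birnhnjsrgbcbtqz"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"ovbfopy8.bitterfisherm.digital"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792933/; classtype:trojan-activity;sid:84656033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL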
detected (3792932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.23.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792932/; classtype:trojan-activity;sid:84656032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792931)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"site-net.terravia.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792931/; classtype:trojan-activity;sid:84656031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.108.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792929/; classtype:trojan-activity;sid:84656029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.86.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792930/; classtype:trojan-activity;sid:84656030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.30.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, 
urlhaus.abuse.ch/url/3792927/; classtype:trojan-activity;sid:84656027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.209.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792928/; classtype:trojan-activity;sid:84656028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792926)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"terr-v77.terravia.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792926/; classtype:trojan-activity;sid:84656026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.96.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792925/; classtype:trojan-activity;sid:84656025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.186.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792924/; classtype:trojan-activity;sid:84656024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; 
depth:7; isdataat:!1,relative; nocase; content:"42.86.118.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792923/; classtype:trojan-activity;sid:84656023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792922)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"site-node.terravia.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792922/; classtype:trojan-activity;sid:84656022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.186.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792921/; classtype:trojan-activity;sid:84656021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.111.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792920/; classtype:trojan-activity;sid:84656020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792918)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"node2-py-store.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792918/; classtype:trojan-activity;sid:84656018; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792919)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"py-installer.cc"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792919/; classtype:trojan-activity;sid:84656019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792917)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"s1-rarlab.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792917/; classtype:trojan-activity;sid:84656017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792912)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"updateservice1-telegramweb.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792912/; classtype:trojan-activity;sid:84656012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792913)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"s3-python.cc"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792913/; classtype:trojan-activity;sid:84656013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792914)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"magnusworkspace.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 
2026_03_09; reference:url, urlhaus.abuse.ch/url/3792914/; classtype:trojan-activity;sid:84656014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792915)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"bigbrainsholdings.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792915/; classtype:trojan-activity;sid:84656015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792916)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"web3-walletnotify.cc"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792916/; classtype:trojan-activity;sid:84656016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792911)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"debank-api.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792911/; classtype:trojan-activity;sid:84656011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792910)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sol-base.solarisx.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792910/; classtype:trojan-activity;sid:84656010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792909)"; flow:established,from_client; content:"GET"; 
http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.108.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792909/; classtype:trojan-activity;sid:84656009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792908)"; flow:established,from_client; content:"GET"; http_method; content:"/ddandjohnnyfilms/ftp-client/raw/refs/heads/main/ehex.txt"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792908/; classtype:trojan-activity;sid:84656008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792907)"; flow:established,from_client; content:"GET"; http_method; content:"/ddandjohnnyfilms/ftp-client/refs/heads/main/size.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792907/; classtype:trojan-activity;sid:84656007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792905)"; flow:established,from_client; content:"GET"; http_method; content:"/ddandjohnnyfilms/ftp-client/refs/heads/main/ehex.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792905/; classtype:trojan-activity;sid:84656005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792906)"; flow:established,from_client; content:"GET"; http_method; content:"/ddandjohnnyfilms/ftp-client/raw/refs/heads/main/size.txt"; http_uri; depth:57; 
isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792906/; classtype:trojan-activity;sid:84656006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.23.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792904/; classtype:trojan-activity;sid:84656004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.209.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792903/; classtype:trojan-activity;sid:84656003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.96.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792902/; classtype:trojan-activity;sid:84656002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792901)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"main-sys.solarisx.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792901/; classtype:trojan-activity;sid:84656001; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792899)"; flow:established,from_client; content:"GET"; http_method; content:"/heaven323555/typescript-sdk/refs/heads/main/src/typescript-sdk-v1.2.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792899/; classtype:trojan-activity;sid:84655999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792900)"; flow:established,from_client; content:"GET"; http_method; content:"/heaven323555/typescript-sdk/raw/refs/heads/main/src/typescript-sdk-v1.2.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792900/; classtype:trojan-activity;sid:84656000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792898)"; flow:established,from_client; content:"GET"; http_method; content:"/jonat-han-tech/ddc-ci-control-bridge/raw/refs/heads/main/bin/ci_ddc_bridge_control_3.2.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792898/; classtype:trojan-activity;sid:84655998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792897)"; flow:established,from_client; content:"GET"; http_method; content:"/jonat-han-tech/ddc-ci-control-bridge/refs/heads/main/bin/ci_ddc_bridge_control_3.2.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792897/; classtype:trojan-activity;sid:84655997; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792896)"; flow:established,from_client; content:"GET"; http_method; content:"/alyamani18/mcp-agent-bridge/refs/heads/main/config/mcp_agent_bridge_encyclopedial.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792896/; classtype:trojan-activity;sid:84655996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792895)"; flow:established,from_client; content:"GET"; http_method; content:"/alyamani18/mcp-agent-bridge/raw/refs/heads/main/config/mcp_agent_bridge_encyclopedial.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792895/; classtype:trojan-activity;sid:84655995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792894)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sol-v6.solarisx.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792894/; classtype:trojan-activity;sid:84655994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792893)"; flow:established,from_client; content:"GET"; http_method; content:"/boat077/mail-mcp-bridge/raw/refs/heads/main/imprestable/mail-mcp-bridge-3.6.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792893/; classtype:trojan-activity;sid:84655993; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792892)"; flow:established,from_client; content:"GET"; http_method; content:"/boat077/mail-mcp-bridge/refs/heads/main/imprestable/mail-mcp-bridge-3.6.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792892/; classtype:trojan-activity;sid:84655992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.249.63.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792891/; classtype:trojan-activity;sid:84655991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.168.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792890/; classtype:trojan-activity;sid:84655990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792889)"; flow:established,from_client; content:"GET"; http_method; content:"/racersaravanaa/temple-bridge/refs/heads/main/src/temple_bridge_v2.3.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792889/; classtype:trojan-activity;sid:84655989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792888)"; flow:established,from_client; 
content:"GET"; http_method; content:"/racersaravanaa/temple-bridge/raw/refs/heads/main/src/temple_bridge_v2.3.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792888/; classtype:trojan-activity;sid:84655988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792887)"; flow:established,from_client; content:"GET"; http_method; content:"/tkboys123/whatsapp-bridge-mcp/raw/refs/heads/master/bridge/whatsapp_mcp_bridge_washhouse.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792887/; classtype:trojan-activity;sid:84655987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792886)"; flow:established,from_client; content:"GET"; http_method; content:"/tkboys123/whatsapp-bridge-mcp/refs/heads/master/bridge/whatsapp_mcp_bridge_washhouse.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792886/; classtype:trojan-activity;sid:84655986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792885)"; flow:established,from_client; content:"GET"; http_method; content:"/swit2025/context-bridge-mcp/main/src/context_bridge_mcp_v3.1.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792885/; classtype:trojan-activity;sid:84655985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792884)"; 
flow:established,from_client; content:"GET"; http_method; content:"/swit2025/context-bridge-mcp/raw/refs/heads/main/src/context_bridge_mcp_v3.1.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792884/; classtype:trojan-activity;sid:84655984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792883)"; flow:established,from_client; content:"GET"; http_method; content:"/vaibhavdhopte/claudecode-telegram/raw/refs/heads/main/hooks/claudecode-telegram-3.7.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792883/; classtype:trojan-activity;sid:84655983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792882)"; flow:established,from_client; content:"GET"; http_method; content:"/vaibhavdhopte/claudecode-telegram/refs/heads/main/hooks/claudecode-telegram-3.7.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792882/; classtype:trojan-activity;sid:84655982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792881)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"communicationfirewall-security.cc"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792881/; classtype:trojan-activity;sid:84655981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792878)"; flow:established,from_client; 
content:"GET"; http_method; content:"/betinhocapoeira/mcp-bsl-lsp-bridge/refs/heads/main/directories/mcp-bsl-lsp-bridge-v2.7.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792878/; classtype:trojan-activity;sid:84655978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792879)"; flow:established,from_client; content:"GET"; http_method; content:"/betinhocapoeira/mcp-bsl-lsp-bridge/raw/refs/heads/main/directories/mcp-bsl-lsp-bridge-v2.7.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792879/; classtype:trojan-activity;sid:84655979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792876)"; flow:established,from_client; content:"GET"; http_method; content:"/hari11v/20-god-tier-ai-coding-extensions-part-1/refs/heads/main/discipular/coding-extensions-part-a-tier-god-v3.6.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792876/; classtype:trojan-activity;sid:84655976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792877)"; flow:established,from_client; content:"GET"; http_method; content:"/hari11v/20-god-tier-ai-coding-extensions-part-1/raw/refs/heads/main/discipular/coding-extensions-part-a-tier-god-v3.6.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792877/; classtype:trojan-activity;sid:84655977; rev:1;) 
# Exact-match download signatures: each rule fires on an outbound HTTP GET whose URI equals the
# listed path (depth:<length> plus isdataat:!1,relative means nothing may precede or follow it,
# nocase ignores letter case) and whose Host header equals the listed name.
# NOTE(review): these are "alert http" rules, so they only inspect HTTP the sensor can parse in
# cleartext. github.com and raw.githubusercontent.com are normally reached over HTTPS; without
# TLS decryption in front of the sensor, expect coverage for those entries to come from proxy or
# endpoint telemetry that records the full URL rather than from these signatures.
# The Host match is on the shared platform name, so the path is the only distinguishing part.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792875)"; flow:established,from_client; content:"GET"; http_method; content:"/itzzwojx/claude-telegram-relay/raw/refs/heads/master/daemon/relay_telegram_claude_2.8.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792875/; classtype:trojan-activity;sid:84655975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792874)"; flow:established,from_client; content:"GET"; http_method; content:"/itzzwojx/claude-telegram-relay/refs/heads/master/daemon/relay_telegram_claude_2.8.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792874/; classtype:trojan-activity;sid:84655974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792873)"; flow:established,from_client; content:"GET"; http_method; content:"/evilgrou-tech/drive/raw/refs/heads/main/onedrivesetup.dat"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792873/; classtype:trojan-activity;sid:84655973; rev:1;)
# The listed path ends in .png; the signature keys on the URL only and does not inspect the
# response body, so what the file actually contains has to be checked from the URLhaus reference.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792872)"; flow:established,from_client; content:"GET"; http_method; content:"/zaiy/optimized_msi.png"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"pngup.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792872/; classtype:trojan-activity;sid:84655972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any
(msg:"URLhaus Known malware download URL detected (3792871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.56.5.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792871/; classtype:trojan-activity;sid:84655971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792870)"; flow:established,from_client; content:"GET"; http_method; content:"/jowafanene123-cmyk/mcp-accessibility-bridge/raw/refs/heads/main/examples/playwright-github-tests/tests/mcp-accessibility-bridge-v3.6.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792870/; classtype:trojan-activity;sid:84655970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792868)"; flow:established,from_client; content:"GET"; http_method; content:"/jowafanene123-cmyk/mcp-accessibility-bridge/refs/heads/main/examples/playwright-github-tests/tests/mcp-accessibility-bridge-v3.6.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792868/; classtype:trojan-activity;sid:84655968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792869)"; flow:established,from_client; content:"GET"; http_method; content:"/evilgrou-tech/drive/refs/heads/main/run_forex.bat"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792869/; classtype:trojan-activity;sid:84655969; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792867)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"main-peak.solarisx.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792867/; classtype:trojan-activity;sid:84655967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.6.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792866/; classtype:trojan-activity;sid:84655966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792865)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cryp-node.cryptixy.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792865/; classtype:trojan-activity;sid:84655965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792864)"; flow:established,from_client; content:"GET"; http_method; content:"/beamstar/cheatengine-mcp-bridge/refs/heads/main/mcp_server/cheatengine_bridge_mcp_3.6.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792864/; classtype:trojan-activity;sid:84655964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792863)"; flow:established,from_client; content:"GET"; 
http_method; content:"/beamstar/cheatengine-mcp-bridge/raw/refs/heads/main/mcp_server/cheatengine_bridge_mcp_3.6.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792863/; classtype:trojan-activity;sid:84655963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.39.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792862/; classtype:trojan-activity;sid:84655962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792860)"; flow:established,from_client; content:"GET"; http_method; content:"/parroalex01/dumper-fivem-and-custom-launcher/refs/heads/main/dissever/and_launcher_dumper_five_custom_v2.9.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792860/; classtype:trojan-activity;sid:84655960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792861)"; flow:established,from_client; content:"GET"; http_method; content:"/parroalex01/dumper-fivem-and-custom-launcher/raw/refs/heads/main/dissever/and_launcher_dumper_five_custom_v2.9.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792861/; classtype:trojan-activity;sid:84655961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792859)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.152.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792859/; classtype:trojan-activity;sid:84655959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.80.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792858/; classtype:trojan-activity;sid:84655958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792857)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7458120104/brgqc2j.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792857/; classtype:trojan-activity;sid:84655957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.205.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792856/; classtype:trojan-activity;sid:84655956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792855)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"bit-hub.cryptixy.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, 
urlhaus.abuse.ch/url/3792855/; classtype:trojan-activity;sid:84655955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.39.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792854/; classtype:trojan-activity;sid:84655954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.5.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792853/; classtype:trojan-activity;sid:84655953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792852)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cryp-v05.cryptixy.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792852/; classtype:trojan-activity;sid:84655952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.153.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792851/; classtype:trojan-activity;sid:84655951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792850)"; flow:established,from_client; content:"GET"; http_method; 
content:"/garatagirassol/showdown-game-hacks-weapon-upgrade/refs/heads/main/whoo/weapon_game_hacks_upgrade_showdown_v1.1.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792850/; classtype:trojan-activity;sid:84655950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792849)"; flow:established,from_client; content:"GET"; http_method; content:"/garatagirassol/showdown-game-hacks-weapon-upgrade/raw/refs/heads/main/whoo/weapon_game_hacks_upgrade_showdown_v1.1.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792849/; classtype:trojan-activity;sid:84655949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.148.109.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792848/; classtype:trojan-activity;sid:84655948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.237.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792846/; classtype:trojan-activity;sid:84655946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; 
nocase; content:"115.48.152.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792847/; classtype:trojan-activity;sid:84655947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792845)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"bit-vault.cryptixy.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792845/; classtype:trojan-activity;sid:84655945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792844)"; flow:established,from_client; content:"GET"; http_method; content:"/pheap123/blum-crypto-trading-bot-p2p-chain-exchange-blumcrypto-farm-hack-cheat-4l/refs/heads/main/extinguishable/trading-crypto-bot-l-exchange-blum-cheat-hack-farm-blumcrypto-chain-1.4.zip"; http_uri; depth:189; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792844/; classtype:trojan-activity;sid:84655944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792843)"; flow:established,from_client; content:"GET"; http_method; content:"/pheap123/blum-crypto-trading-bot-p2p-chain-exchange-blumcrypto-farm-hack-cheat-4l/raw/refs/heads/main/extinguishable/trading-crypto-bot-l-exchange-blum-cheat-hack-farm-blumcrypto-chain-1.4.zip"; http_uri; depth:193; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792843/; classtype:trojan-activity;sid:84655943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3792842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.25.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792842/; classtype:trojan-activity;sid:84655942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792841)"; flow:established,from_client; content:"GET"; http_method; content:"/ravigurjar21/pc-fields-of-mistria-cheats/raw/refs/heads/main/downcast/fields_mistria_cheats_of_p_3.9.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792841/; classtype:trojan-activity;sid:84655941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792840)"; flow:established,from_client; content:"GET"; http_method; content:"/ravigurjar21/pc-fields-of-mistria-cheats/refs/heads/main/downcast/fields_mistria_cheats_of_p_3.9.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792840/; classtype:trojan-activity;sid:84655940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.123.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792839/; classtype:trojan-activity;sid:84655939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; 
http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.82.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792838/; classtype:trojan-activity;sid:84655938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792837)"; flow:established,from_client; content:"GET"; http_method; content:"/shonieeee/code/refs/heads/main/bytes/1024.txt"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792837/; classtype:trojan-activity;sid:84655937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792836)"; flow:established,from_client; content:"GET"; http_method; content:"/shonieeee/code/raw/refs/heads/main/bytes/1024.txt"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792836/; classtype:trojan-activity;sid:84655936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792835)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vel-data.veloxis.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792835/; classtype:trojan-activity;sid:84655935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792834)"; flow:established,from_client; content:"GET"; http_method; content:"/toheed2004/bloodline-mod-set-jump-height-cheat/refs/heads/main/preumbonal/set_bloodline_jump_height_cheat_mod_3.8.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; 
content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792834/; classtype:trojan-activity;sid:84655934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792833)"; flow:established,from_client; content:"GET"; http_method; content:"/toheed2004/bloodline-mod-set-jump-height-cheat/raw/refs/heads/main/preumbonal/set_bloodline_jump_height_cheat_mod_3.8.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792833/; classtype:trojan-activity;sid:84655933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.168.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792832/; classtype:trojan-activity;sid:84655932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792831)"; flow:established,from_client; content:"GET"; http_method; content:"/wshaikh2804/seekers-of-tokane-cheat-crypto-bot-auto-farm-clicker-game-api-hack/raw/refs/heads/main/seekers-of-tokane-exp/seekers.tests/bot_api_cheat_seekers_of_game_farm_auto_clicker_crypto_hack_tokane_1.7.zip"; http_uri; depth:210; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792831/; classtype:trojan-activity;sid:84655931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792830)"; flow:established,from_client; content:"GET"; http_method; 
content:"/wshaikh2804/seekers-of-tokane-cheat-crypto-bot-auto-farm-clicker-game-api-hack/refs/heads/main/seekers-of-tokane-exp/seekers.tests/bot_api_cheat_seekers_of_game_farm_auto_clicker_crypto_hack_tokane_1.7.zip"; http_uri; depth:206; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792830/; classtype:trojan-activity;sid:84655930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792829)"; flow:established,from_client; content:"GET"; http_method; content:"/admv9/repo-cheat-modpack/raw/refs/heads/main/calculary/modpack_repo_cheat_v3.0.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792829/; classtype:trojan-activity;sid:84655929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792822)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.170.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792822/; classtype:trojan-activity;sid:84655922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792823)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.170.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792823/; classtype:trojan-activity;sid:84655923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792824)"; flow:established,from_client; 
content:"GET"; http_method; content:"/x-8.6-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.156.170.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792824/; classtype:trojan-activity;sid:84655924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792825)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.170.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792825/; classtype:trojan-activity;sid:84655925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792826)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.170.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792826/; classtype:trojan-activity;sid:84655926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792827)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.170.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792827/; classtype:trojan-activity;sid:84655927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792828)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.170.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792828/; 
classtype:trojan-activity;sid:84655928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792817)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.156.170.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792817/; classtype:trojan-activity;sid:84655917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792818)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.170.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792818/; classtype:trojan-activity;sid:84655918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792819)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.156.170.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792819/; classtype:trojan-activity;sid:84655919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792820)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.156.170.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792820/; classtype:trojan-activity;sid:84655920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792821)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sakura"; http_uri; 
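depth:15; isdataat:!1,relative; nocase; content:"94.156.170.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792821/; classtype:trojan-activity;sid:84655921; rev:1;)
# Rules in this run are exact matches: depth equals the pattern length and
# isdataat:!1,relative requires that nothing follows it in the buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792815)"; flow:established,from_client; content:"GET"; http_method; content:"/admv9/repo-cheat-modpack/refs/heads/main/calculary/modpack_repo_cheat_v3.0.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792815/; classtype:trojan-activity;sid:84655915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792816)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dist-sync.veloxis.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792816/; classtype:trojan-activity;sid:84655916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.80.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792814/; classtype:trojan-activity;sid:84655913; rev:1;)
# http_uri is the normalized (percent-decoded) URI buffer, so the literal "%20"
# the feed shipped here would not match a request for this path. The space is
# written as |20| and depth drops from 32 to 30 to keep the exact-match anchoring.
# This is a local deviation from the upstream URLhaus entry and is lost on the
# next feed refresh unless it is re-applied or fixed upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792813)"; flow:established,from_client; content:"GET"; http_method; content:"/wpsoffice_x64|20|_v10_win888.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.asdfgsdfgxcvbvcxasd-oss.top"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792813/; classtype:trojan-activity;sid:84655913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792811)"; flow:established,from_client; content:"GET"; http_method; content:"/9cca20c6df659f72/mycptpl.bin"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"172.94.9.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792811/; classtype:trojan-activity;sid:84655911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792812)"; flow:established,from_client; content:"GET"; http_method; content:"/9cca20c6df659f72/cptchbuild.bin"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"172.94.9.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792812/; classtype:trojan-activity;sid:84655912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.219.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792810/; classtype:trojan-activity;sid:84655910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.148.109.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792809/; classtype:trojan-activity;sid:84655909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792808)"; flow:established,from_client; 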
content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.82.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792808/; classtype:trojan-activity;sid:84655908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.131.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792807/; classtype:trojan-activity;sid:84655907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.25.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792805/; classtype:trojan-activity;sid:84655905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.131.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792806/; classtype:trojan-activity;sid:84655906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.237.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792804/; classtype:trojan-activity;sid:84655904; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.75.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792803/; classtype:trojan-activity;sid:84655903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.42.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792802/; classtype:trojan-activity;sid:84655902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.38.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792801/; classtype:trojan-activity;sid:84655901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792800)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vel-v44.veloxis.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792800/; classtype:trojan-activity;sid:84655900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792798)"; flow:established,from_client; content:"GET"; http_method; 
content:"/republicofbotv109/llm-engineering-cheatsheet/raw/refs/heads/main/byreman/llm_engineering_cheatsheet_v3.4.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792798/; classtype:trojan-activity;sid:84655898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792799)"; flow:established,from_client; content:"GET"; http_method; content:"/republicofbotv109/llm-engineering-cheatsheet/refs/heads/main/byreman/llm_engineering_cheatsheet_v3.4.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792799/; classtype:trojan-activity;sid:84655899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.71.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792797/; classtype:trojan-activity;sid:84655897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792796)"; flow:established,from_client; content:"GET"; http_method; content:"/1o-s/forgotten-runiverse-crypto-bot-crypto-game-auto-farm-clicker-cheat-api/raw/refs/heads/main/forgotten-runiverse-bot/utils/clicker_cheat_api_game_bot_auto_forgotten_runiverse_farm_crypto_lozengeways.zip"; http_uri; depth:206; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792796/; classtype:trojan-activity;sid:84655896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3792795)"; flow:established,from_client; content:"GET"; http_method; content:"/1o-s/forgotten-runiverse-crypto-bot-crypto-game-auto-farm-clicker-cheat-api/refs/heads/main/forgotten-runiverse-bot/utils/clicker_cheat_api_game_bot_auto_forgotten_runiverse_farm_crypto_lozengeways.zip"; http_uri; depth:202; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792795/; classtype:trojan-activity;sid:84655895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.245.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792793/; classtype:trojan-activity;sid:84655893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.255.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792794/; classtype:trojan-activity;sid:84655894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.87.121.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792792/; classtype:trojan-activity;sid:84655892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792791)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.136.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792791/; classtype:trojan-activity;sid:84655891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792790)"; flow:established,from_client; content:"GET"; http_method; content:"/zulkox/atlyss-cheats/refs/heads/main/neoclassic/cheats_atlyss_v2.6.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792790/; classtype:trojan-activity;sid:84655890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792789)"; flow:established,from_client; content:"GET"; http_method; content:"/zulkox/atlyss-cheats/raw/refs/heads/main/neoclassic/cheats_atlyss_v2.6.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792789/; classtype:trojan-activity;sid:84655889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.219.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792788/; classtype:trojan-activity;sid:84655888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792787)"; flow:established,from_client; content:"GET"; http_method; content:"/kolorado772/pixel-gun-3d/refs/heads/master/source-code/pixel_gun_d_v3.5.zip"; 
http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792787/; classtype:trojan-activity;sid:84655887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792786)"; flow:established,from_client; content:"GET"; http_method; content:"/kolorado772/pixel-gun-3d/raw/refs/heads/master/source-code/pixel_gun_d_v3.5.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792786/; classtype:trojan-activity;sid:84655886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.199.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792785/; classtype:trojan-activity;sid:84655885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.114.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792784/; classtype:trojan-activity;sid:84655884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.78.159.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792783/; 
classtype:trojan-activity;sid:84655883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.0.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792782/; classtype:trojan-activity;sid:84655882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.91.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792781/; classtype:trojan-activity;sid:84655881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.9.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792779/; classtype:trojan-activity;sid:84655879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.58.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792780/; classtype:trojan-activity;sid:84655880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"42.224.71.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792778/; classtype:trojan-activity;sid:84655878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.184.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792777/; classtype:trojan-activity;sid:84655877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.136.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792776/; classtype:trojan-activity;sid:84655876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.252.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792775/; classtype:trojan-activity;sid:84655875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792773)"; flow:established,from_client; content:"GET"; http_method; content:"/sacapalabanda/valorant-efi-drivver-cheat-hack/refs/heads/main/hyprism/workflows/cheat-drivve-hack-valoran-ef-spondaical.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792773/; 
classtype:trojan-activity;sid:84655873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792774)"; flow:established,from_client; content:"GET"; http_method; content:"/sacapalabanda/valorant-efi-drivver-cheat-hack/raw/refs/heads/main/hyprism/workflows/cheat-drivve-hack-valoran-ef-spondaical.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792774/; classtype:trojan-activity;sid:84655874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.0.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792772/; classtype:trojan-activity;sid:84655872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792770)"; flow:established,from_client; content:"GET"; http_method; content:"/rutvikpatel8854/ultra-game-performance-kit/refs/heads/main/sibness/game-ultra-performance-kit-v1.1.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792770/; classtype:trojan-activity;sid:84655870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792771)"; flow:established,from_client; content:"GET"; http_method; content:"/rutvikpatel8854/ultra-game-performance-kit/raw/refs/heads/main/sibness/game-ultra-performance-kit-v1.1.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; 
reference:url, urlhaus.abuse.ch/url/3792771/; classtype:trojan-activity;sid:84655871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792769)"; flow:established,from_client; content:"GET"; http_method; content:"/magmaworkerpruner/valorant-external-3.0/releases/download/new/valorantexternal-3.0-x64.rar"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792769/; classtype:trojan-activity;sid:84655869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.199.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792768/; classtype:trojan-activity;sid:84655868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.58.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792767/; classtype:trojan-activity;sid:84655867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.78.159.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792766/; classtype:trojan-activity;sid:84655866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792764)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.184.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792764/; classtype:trojan-activity;sid:84655864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.93.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792765/; classtype:trojan-activity;sid:84655865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.227.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792763/; classtype:trojan-activity;sid:84655863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.149.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792762/; classtype:trojan-activity;sid:84655862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.252.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792761/; 
classtype:trojan-activity;sid:84655861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792760/; classtype:trojan-activity;sid:84655860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.149.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792759/; classtype:trojan-activity;sid:84655859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.38.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792758/; classtype:trojan-activity;sid:84655858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.46.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792757/; classtype:trojan-activity;sid:84655857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"115.48.38.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792756/; classtype:trojan-activity;sid:84655856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.89.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792755/; classtype:trojan-activity;sid:84655855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.156.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792754/; classtype:trojan-activity;sid:84655854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.201.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792753/; classtype:trojan-activity;sid:84655853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.17.158.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792752/; classtype:trojan-activity;sid:84655852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792751)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.131.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792751/; classtype:trojan-activity;sid:84655851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.156.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792750/; classtype:trojan-activity;sid:84655850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.19.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792749/; classtype:trojan-activity;sid:84655849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792748)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dist-core.veloxis.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792748/; classtype:trojan-activity;sid:84655848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.201.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, 
urlhaus.abuse.ch/url/3792747/; classtype:trojan-activity;sid:84655847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.101.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792746/; classtype:trojan-activity;sid:84655846; rev:1;)
# The next two rules share the URI /verification.google and differ only in
# the subdomain under lumitron.in.net. Each rule pins one complete hostname
# (depth equals the host length and isdataat:!1,relative forbids trailing
# bytes), so another subdomain of the same parent is not covered until the
# feed lists it. If either rule fires, review DNS and proxy logs for the
# parent domain rather than only the exact host in the alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792745)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"lumi-edge.lumitron.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792745/; classtype:trojan-activity;sid:84655845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792744)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ops-unit.lumitron.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792744/; classtype:trojan-activity;sid:84655844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.34.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792742/; classtype:trojan-activity;sid:84655842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792743)"; flow:established,from_client; content:"GET"; 
http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.61.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792743/; classtype:trojan-activity;sid:84655843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.255.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792741/; classtype:trojan-activity;sid:84655841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.129.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792740/; classtype:trojan-activity;sid:84655840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.19.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792739/; classtype:trojan-activity;sid:84655839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.235.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792738/; classtype:trojan-activity;sid:84655838; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.89.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792737/; classtype:trojan-activity;sid:84655837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792736)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"lumi-v3.lumitron.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792736/; classtype:trojan-activity;sid:84655836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.77.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792735/; classtype:trojan-activity;sid:84655835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792734)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ops-gate.lumitron.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792734/; classtype:trojan-activity;sid:84655834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.34.70"; http_host; 
depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792733/; classtype:trojan-activity;sid:84655833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.61.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792732/; classtype:trojan-activity;sid:84655832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.77.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792731/; classtype:trojan-activity;sid:84655831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.255.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792730/; classtype:trojan-activity;sid:84655830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792729)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"zen-flow.zenithra.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792729/; classtype:trojan-activity;sid:84655829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792728)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.129.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792728/; classtype:trojan-activity;sid:84655828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.86.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792727/; classtype:trojan-activity;sid:84655827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792726)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"alt-net.zenithra.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792726/; classtype:trojan-activity;sid:84655826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.101.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792725/; classtype:trojan-activity;sid:84655825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.255.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, 
urlhaus.abuse.ch/url/3792724/; classtype:trojan-activity;sid:84655824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.235.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792723/; classtype:trojan-activity;sid:84655823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792722)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"zen-v12.zenithra.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792722/; classtype:trojan-activity;sid:84655822; rev:1;)
# The next four rules all pin Host 154.9.241.34 and differ only in the file
# name under /n2/ (x86, mpsl, mips, teleport). Each is an exact URI + Host
# match: depth equals the string length and isdataat:!1,relative forbids
# trailing bytes.
# NOTE(review): the file names look like per-architecture builds of one
# payload. That is inferred from the names only; confirm on the URLhaus
# entries. When one of these fires, check the same internal source for
# requests to the sibling paths and for any other traffic to that host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792718)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/x86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.9.241.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792718/; classtype:trojan-activity;sid:84655818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792719)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/mpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.9.241.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792719/; classtype:trojan-activity;sid:84655819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792720)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/mips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.9.241.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792720/; classtype:trojan-activity;sid:84655820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792721)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/teleport"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"154.9.241.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792721/; classtype:trojan-activity;sid:84655821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.199.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792717/; classtype:trojan-activity;sid:84655817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.114.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792716/; classtype:trojan-activity;sid:84655816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792715)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"alt-hub.zenithra.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792715/; classtype:trojan-activity;sid:84655815; rev:1;)
alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.117.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792714/; classtype:trojan-activity;sid:84655814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792713)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"nex-base.nexoris.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792713/; classtype:trojan-activity;sid:84655813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.14.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792712/; classtype:trojan-activity;sid:84655812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792711)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vult-sync.nexoris.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792711/; classtype:trojan-activity;sid:84655811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792710)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; 
content:"nex-v01.nexoris.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792710/; classtype:trojan-activity;sid:84655810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792709)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vult-node.nexoris.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792709/; classtype:trojan-activity;sid:84655809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.31.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792708/; classtype:trojan-activity;sid:84655808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.38.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792707/; classtype:trojan-activity;sid:84655807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.14.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792704/; classtype:trojan-activity;sid:84655804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3792705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.35.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792705/; classtype:trojan-activity;sid:84655805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.152.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792706/; classtype:trojan-activity;sid:84655806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792703)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"oak-net.oakbend.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792703/; classtype:trojan-activity;sid:84655803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792702)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"bend-base.oakbend.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792702/; classtype:trojan-activity;sid:84655802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.160.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2026_03_09; reference:url, urlhaus.abuse.ch/url/3792701/; classtype:trojan-activity;sid:84655801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.189.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792700/; classtype:trojan-activity;sid:84655800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792699)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"oak-v11.oakbend.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792699/; classtype:trojan-activity;sid:84655799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.31.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792698/; classtype:trojan-activity;sid:84655798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.35.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792697/; classtype:trojan-activity;sid:84655797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792696)"; flow:established,from_client; content:"GET"; 
http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.152.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792696/; classtype:trojan-activity;sid:84655796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.121.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792695/; classtype:trojan-activity;sid:84655795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792694)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8261736065/6qbuvkn.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792694/; classtype:trojan-activity;sid:84655794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792693)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"bend-ref.oakbend.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792693/; classtype:trojan-activity;sid:84655793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792692)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"red-unit.redclay.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, 
urlhaus.abuse.ch/url/3792692/; classtype:trojan-activity;sid:84655792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.189.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792691/; classtype:trojan-activity;sid:84655791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.46.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792690/; classtype:trojan-activity;sid:84655790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792689)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"clay-gate.redclay.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792689/; classtype:trojan-activity;sid:84655789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.254.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792688/; classtype:trojan-activity;sid:84655788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792687)"; flow:established,from_client; content:"GET"; http_method; 
content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"clay-logic.redclay.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792687/; classtype:trojan-activity;sid:84655787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.63.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792686/; classtype:trojan-activity;sid:84655786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.172.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792685/; classtype:trojan-activity;sid:84655785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.105.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792684/; classtype:trojan-activity;sid:84655784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.20.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792682/; classtype:trojan-activity;sid:84655782; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.133.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792683/; classtype:trojan-activity;sid:84655783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.126.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792681/; classtype:trojan-activity;sid:84655781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792680)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"wind-flow.winddock.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792680/; classtype:trojan-activity;sid:84655780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792679)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dock-sync.winddock.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792679/; classtype:trojan-activity;sid:84655779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.149.131"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792678/; classtype:trojan-activity;sid:84655778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792677)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"wind-v08.winddock.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792677/; classtype:trojan-activity;sid:84655777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.254.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792676/; classtype:trojan-activity;sid:84655776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.172.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792675/; classtype:trojan-activity;sid:84655775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792674)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dock-way.winddock.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792674/; classtype:trojan-activity;sid:84655774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3792673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.63.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792673/; classtype:trojan-activity;sid:84655773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.20.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792672/; classtype:trojan-activity;sid:84655772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792671)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"gold-run.goldpath.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792671/; classtype:trojan-activity;sid:84655771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.126.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792670/; classtype:trojan-activity;sid:84655770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.131.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; 
reference:url, urlhaus.abuse.ch/url/3792669/; classtype:trojan-activity;sid:84655769; rev:1;)
# Template shared by the entries below: an outbound HTTP GET from $HOME_NET whose
# http_uri content and http_host content both match. depth is set to the content
# length and isdataat:!1,relative requires that no byte follows the match, so each
# content has to span the whole buffer instead of matching as a substring. nocase
# follows the http_uri content and applies to that content.
# These rules inspect parsed HTTP requests only; a request to the same host over
# TLS is not matched here unless the traffic is decrypted before inspection.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792668)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"path-net.goldpath.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792668/; classtype:trojan-activity;sid:84655768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.133.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792667/; classtype:trojan-activity;sid:84655767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792666)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"gold-v77.goldpath.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792666/; classtype:trojan-activity;sid:84655766; rev:1;)
# NOTE(review): the next entry departs from the template. Its http_uri content
# decodes to 38 bytes (|3f| is "?", |7c| is "|"), while depth:53 equals the length
# of the escaped text, so the match is not pinned to the start of the URI.
# The decoded pattern also contains the literal text |26| twice; 0x26 is "&", so
# this looks like a hex escape whose pipes were escaped a second time. TODO confirm
# against the URLhaus entry before relying on this rule to fire.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792665)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=dtbgpotltlgabtno"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"f4gyiajw.impeachlizob.digital"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792665/; classtype:trojan-activity;sid:84655765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3792664)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"path-site.goldpath.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792664/; classtype:trojan-activity;sid:84655764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.132.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792663/; classtype:trojan-activity;sid:84655763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792662)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"rock-sys.rockbend.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792662/; classtype:trojan-activity;sid:84655762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.114.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792661/; classtype:trojan-activity;sid:84655761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.11.118"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792660/; classtype:trojan-activity;sid:84655760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.30.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792659/; classtype:trojan-activity;sid:84655759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.70.108.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792658/; classtype:trojan-activity;sid:84655758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792657)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"bend-v6.rockbend.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792657/; classtype:trojan-activity;sid:84655757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.50.81"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792656/; classtype:trojan-activity;sid:84655756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792655)"; flow:established,from_client; 
content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.5.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792655/; classtype:trojan-activity;sid:84655755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.38.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792654/; classtype:trojan-activity;sid:84655754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792653)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"rock-spot.rockbend.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792653/; classtype:trojan-activity;sid:84655753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.31.189.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792652/; classtype:trojan-activity;sid:84655752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.11.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792650/; 
classtype:trojan-activity;sid:84655750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.132.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792651/; classtype:trojan-activity;sid:84655751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792649)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"gate-node.lakegate.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792649/; classtype:trojan-activity;sid:84655749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.38.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792648/; classtype:trojan-activity;sid:84655748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.9.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792647/; classtype:trojan-activity;sid:84655747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"36.70.108.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792646/; classtype:trojan-activity;sid:84655746; rev:1;)
#
# Reviewer notes for the rules that follow (rule text itself is unchanged).
#
# Template: every rule alerts on an established, client-originated HTTP flow from
# $HOME_NET to $EXTERNAL_NET with method GET, one URI content match and one Host
# content match. Both contents carry depth:<length of the string> followed by
# isdataat:!1,relative (no byte may follow the match), so path and host are compared
# as whole values, not as substrings. nocase appears after the URI content only.
#
# Recurring patterns in this part: "/i" and "/bin.sh" on IP-literal hosts, and
# "/verification.google" on several subdomains of *.in.net parents (lakegate,
# ironford, starbend, glacierpeak, harvestgrove, overtmantram, goodtime). The short
# paths are specific only in combination with the Host match.
#
# NOTE(review): these signatures read cleartext HTTP request fields. The same URL
# fetched over HTTPS is presumably invisible to them unless TLS is decrypted
# upstream of the sensor -- confirm coverage before treating silence as clean.
# NOTE(review): confirm how the engine's http_host buffer represents an explicit
# ":port" in the Host header; with whole-value anchoring a retained port would
# prevent a match.
#
# Triage: msg carries the URLhaus entry id, reference:url points at that entry, and
# metadata:created_at gives the listing date (2026_03_08 throughout this part).
# IP-literal hosts can change hands, so weigh the age of an entry when acting on a hit.
#
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.4.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792644/; classtype:trojan-activity;sid:84655744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.231.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792645/; classtype:trojan-activity;sid:84655745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792643)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"lake-hub.lakegate.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792643/; classtype:trojan-activity;sid:84655743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.231.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792642/; classtype:trojan-activity;sid:84655742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.77.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792641/; classtype:trojan-activity;sid:84655741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792640)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"gate-v05.lakegate.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792640/; classtype:trojan-activity;sid:84655740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.5.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792639/; classtype:trojan-activity;sid:84655739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.15.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792638/; classtype:trojan-activity;sid:84655738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.105.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792636/; classtype:trojan-activity;sid:84655736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.30.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792637/; classtype:trojan-activity;sid:84655737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792635)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"lake-vault.lakegate.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792635/; classtype:trojan-activity;sid:84655735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.239.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792634/; classtype:trojan-activity;sid:84655734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792633)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iron-data.ironford.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792633/; classtype:trojan-activity;sid:84655733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.175.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792632/; classtype:trojan-activity;sid:84655732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792631)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ford-sync.ironford.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792631/; classtype:trojan-activity;sid:84655731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.228.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792630/; classtype:trojan-activity;sid:84655730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.239.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792629/; classtype:trojan-activity;sid:84655729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.5.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792628/; classtype:trojan-activity;sid:84655728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.105.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792627/; classtype:trojan-activity;sid:84655727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792626)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iron-v44.ironford.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792626/; classtype:trojan-activity;sid:84655726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792625)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ford-core.ironford.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792625/; classtype:trojan-activity;sid:84655725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792624)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"bend-edge.starbend.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792624/; classtype:trojan-activity;sid:84655724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792623)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"star-unit.starbend.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792623/; classtype:trojan-activity;sid:84655723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.152.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792622/; classtype:trojan-activity;sid:84655722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792621)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"bend-v3.starbend.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792621/; classtype:trojan-activity;sid:84655721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792620)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"star-zone.starbend.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792620/; classtype:trojan-activity;sid:84655720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.187.68.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792619/; classtype:trojan-activity;sid:84655719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.42.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792618/; classtype:trojan-activity;sid:84655718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.106.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792617/; classtype:trojan-activity;sid:84655717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792616)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"peak-flow.glacierpeak.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792616/; classtype:trojan-activity;sid:84655716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792615)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"glac-net.glacierpeak.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792615/; classtype:trojan-activity;sid:84655715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792614)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"peak-v12.glacierpeak.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792614/; classtype:trojan-activity;sid:84655714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.253.93.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792613/; classtype:trojan-activity;sid:84655713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792612)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"206.189.107.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792612/; classtype:trojan-activity;sid:84655712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792611)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"glac-point.glacierpeak.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792611/; classtype:trojan-activity;sid:84655711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792610)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"grove-base.harvestgrove.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792610/; classtype:trojan-activity;sid:84655710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.95.131.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792609/; classtype:trojan-activity;sid:84655709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.84.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792608/; classtype:trojan-activity;sid:84655708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792607)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"harvest-sync.harvestgrove.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792607/; classtype:trojan-activity;sid:84655707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.253.93.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792606/; classtype:trojan-activity;sid:84655706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.127.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792605/; classtype:trojan-activity;sid:84655705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792604)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"grove-v01.harvestgrove.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792604/; classtype:trojan-activity;sid:84655704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.75.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792603/; classtype:trojan-activity;sid:84655703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.41.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792602/; classtype:trojan-activity;sid:84655702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792601)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"harvest-map.harvestgrove.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792601/; classtype:trojan-activity;sid:84655701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.232.15.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792600/; classtype:trojan-activity;sid:84655700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.4.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792599/; classtype:trojan-activity;sid:84655699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792598)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mant-net.overtmantram.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792598/; classtype:trojan-activity;sid:84655698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.219.122.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792597/; classtype:trojan-activity;sid:84655697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792596)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"overt-base.overtmantram.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792596/; classtype:trojan-activity;sid:84655696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.84.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792595/; classtype:trojan-activity;sid:84655695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.112.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792594/; classtype:trojan-activity;sid:84655694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.177.96.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792593/; classtype:trojan-activity;sid:84655693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.188.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792592/; classtype:trojan-activity;sid:84655692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.75.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792591/; classtype:trojan-activity;sid:84655691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792590)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mant-v11.overtmantram.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792590/; classtype:trojan-activity;sid:84655690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.248.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792589/; classtype:trojan-activity;sid:84655689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.31.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792588/; classtype:trojan-activity;sid:84655688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792587)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"overt-ref.overtmantram.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792587/; classtype:trojan-activity;sid:84655687; rev:1;)
#
# The next seven rules share Host files.catbox.moe and differ only in the path
# (.ps1, .dll, .pdf and .bat files). Because the path is matched as a whole value,
# each rule identifies one listed file, not the host. NOTE(review): the host looks
# like a shared file-hosting service, so a hit says nothing about other URLs on it;
# review before deriving a blanket host block from these entries.
#
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792586)"; flow:established,from_client; content:"GET"; http_method; content:"/bzu5xb.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792586/; classtype:trojan-activity;sid:84655686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792584)"; flow:established,from_client; content:"GET"; http_method; content:"/qtypxz.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792584/; classtype:trojan-activity;sid:84655684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792585)"; flow:established,from_client; content:"GET"; http_method; content:"/dvl6ad.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792585/; classtype:trojan-activity;sid:84655685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792582)"; flow:established,from_client; content:"GET"; http_method; content:"/cu4yv6.pdf"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792582/; classtype:trojan-activity;sid:84655682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792583)"; flow:established,from_client; content:"GET"; http_method; content:"/87ofjz.bat"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792583/; classtype:trojan-activity;sid:84655683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792581)"; flow:established,from_client; content:"GET"; http_method; content:"/a84jo4.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792581/; classtype:trojan-activity;sid:84655681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792580)"; flow:established,from_client; content:"GET"; http_method; content:"/1s967k.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792580/; classtype:trojan-activity;sid:84655680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.219.122.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792579/; classtype:trojan-activity;sid:84655679; rev:1;)
#
# The next eleven rules share Host 156.226.175.212; the paths are CPU-architecture
# names (arm, arm5, arm6, arm7, m68k, mips, mpsl, ppc, sh4, x86, x86_64).
# NOTE(review): that layout looks like per-architecture builds of one payload. On a
# hit, identify the requesting device from the flow's source address and check for
# the sibling sids from the same source in the same time window.
#
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792577)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.226.175.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792577/; classtype:trojan-activity;sid:84655677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792578)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.226.175.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792578/; classtype:trojan-activity;sid:84655678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792570)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.226.175.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792570/; classtype:trojan-activity;sid:84655670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792571)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.226.175.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792571/; classtype:trojan-activity;sid:84655671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792572)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.226.175.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792572/; classtype:trojan-activity;sid:84655672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792573)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.226.175.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792573/; classtype:trojan-activity;sid:84655673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792574)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.226.175.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792574/; classtype:trojan-activity;sid:84655674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792575)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.226.175.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792575/; classtype:trojan-activity;sid:84655675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792576)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.226.175.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792576/; classtype:trojan-activity;sid:84655676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792568)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.226.175.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792568/; classtype:trojan-activity;sid:84655668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792569)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.226.175.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792569/; classtype:trojan-activity;sid:84655669; rev:1;)
#
# Two paths on 78.153.140.16: /kinsing and /kinsing_aarch64. NOTE(review): the file
# names suggest the Kinsing family; verify against the URLhaus entries referenced
# in each rule before labelling an incident.
#
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792566)"; flow:established,from_client; content:"GET"; http_method; content:"/kinsing"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792566/; classtype:trojan-activity;sid:84655666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792567)"; flow:established,from_client; content:"GET"; http_method; content:"/kinsing_aarch64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792567/; classtype:trojan-activity;sid:84655667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792565)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"time-unit.goodtime.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792565/; classtype:trojan-activity;sid:84655665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.104.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792564/; classtype:trojan-activity;sid:84655664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.194.227.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792563/; classtype:trojan-activity;sid:84655663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.40.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792562/; classtype:trojan-activity;sid:84655662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.188.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792561/; classtype:trojan-activity;sid:84655661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.112.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792560/; classtype:trojan-activity;sid:84655660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792559)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"good-gate.goodtime.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792559/; classtype:trojan-activity;sid:84655659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792558)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"time-v09.goodtime.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792558/; classtype:trojan-activity;sid:84655658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.248.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792557/; classtype:trojan-activity;sid:84655657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.31.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792556/; classtype:trojan-activity;sid:84655656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.40.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792555/; classtype:trojan-activity;sid:84655655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792554)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"good-logic.goodtime.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792554/; classtype:trojan-activity;sid:84655654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.41.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792553/; classtype:trojan-activity;sid:84655653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.194.227.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792552/; classtype:trojan-activity;sid:84655652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792551)"; flow:established,from_client; content:"GET"; http_method; content:"/plg/plugin3.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"coffetime.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792551/; classtype:trojan-activity;sid:84655651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792550)"; flow:established,from_client; content:"GET"; 
http_method; content:"/crs/seattlemass.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"coffetime.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792550/; classtype:trojan-activity;sid:84655650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792549)"; flow:established,from_client; content:"GET"; http_method; content:"/kunkun/jquery-3.3.1.min.js_"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"144.172.110.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792549/; classtype:trojan-activity;sid:84655649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.163.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792548/; classtype:trojan-activity;sid:84655648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792547)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"semi-flow.conesemison.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792547/; classtype:trojan-activity;sid:84655647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.104.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, 
urlhaus.abuse.ch/url/3792546/; classtype:trojan-activity;sid:84655646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792545)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cone-sync.conesemison.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792545/; classtype:trojan-activity;sid:84655645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.52.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792544/; classtype:trojan-activity;sid:84655644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792543)"; flow:established,from_client; content:"GET"; http_method; content:"/sssrtq.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"thekingofarms.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792543/; classtype:trojan-activity;sid:84655643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792542)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/xvbmiag/pbbpojm.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"shiftspace.creativemindsuaeu.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792542/; classtype:trojan-activity;sid:84655642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792541)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.163.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792541/; classtype:trojan-activity;sid:84655641; rev:1;)
# The next rule pins one exact path ("/jsrzb0.msi", depth:11 + isdataat:!1,relative) on
# the host files.catbox.moe, so other objects on that hostname do not match it.
# NOTE(review): files.catbox.moe looks like a shared file-hosting name; if clients
# reach it over HTTPS this cleartext "alert http" rule presumably never sees the
# request. Confirm, and rely on proxy / TLS-inspection / endpoint telemetry for that case.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792540)"; flow:established,from_client; content:"GET"; http_method; content:"/jsrzb0.msi"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792540/; classtype:trojan-activity;sid:84655640; rev:1;)
# "/verification.google" recurs in this feed across many *.in.net hostnames; each
# hostname gets its own exact-match rule, so a hostname not yet listed is not covered.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792539)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"semi-v08.conesemison.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792539/; classtype:trojan-activity;sid:84655639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.52.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792538/; classtype:trojan-activity;sid:84655638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792534)"; flow:established,from_client; content:"GET"; http_method; content:"/access/remote%20access-macos-intel-offline.dmg|3f|language=en"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"172.86.89.251"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792534/; classtype:trojan-activity;sid:84655634; rev:1;)
# Detection-quality notes for the "/access/remote%20access-..." rules that follow:
#   * |3f| is the hex notation for "?" and contributes one byte to the pattern.
#   * The depth values here (60, 62, 56) are three larger than the patterns' byte
#     lengths (57, 59, 53), consistent with "|3f|" having been counted as four
#     characters. The match is still end-anchored by isdataat:!1,relative, but the
#     pattern may begin at offset 0-3 rather than only at the start of the URI, so
#     these are slightly looser than the strict whole-buffer match used elsewhere.
#   * NOTE(review): http_uri is the normalized URI buffer. If the engine decodes
#     percent-escapes during normalization, the literal "%20" in these patterns will
#     presumably not be present at match time and the rules would stay silent; the
#     un-decoded form lives in the raw-URI buffer (http_raw_uri). Replay a capture of
#     such a request through the sensor to confirm before relying on these SIDs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792535)"; flow:established,from_client; content:"GET"; http_method; content:"/access/remote%20access-windows32-offline.exe|3f|language=en"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"144.172.91.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792535/; classtype:trojan-activity;sid:84655635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792536)"; flow:established,from_client; content:"GET"; http_method; content:"/access/remote%20access-macos-intel-offline.dmg|3f|language=en"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"144.172.91.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792536/; classtype:trojan-activity;sid:84655636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792533)"; flow:established,from_client; content:"GET"; http_method; content:"/access/remote%20access-macos-offline.dmg|3f|language=en"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"45.61.151.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792533/; classtype:trojan-activity;sid:84655633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792530)"; flow:established,from_client; content:"GET"; http_method; content:"/access/remote%20access-macos-intel-offline.dmg|3f|language=en"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"bulledesophros.top"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, 
urlhaus.abuse.ch/url/3792530/; classtype:trojan-activity;sid:84655630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792531)"; flow:established,from_client; content:"GET"; http_method; content:"/access/remote%20access-macos-offline.dmg|3f|language=en"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"172.86.89.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792531/; classtype:trojan-activity;sid:84655631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792532)"; flow:established,from_client; content:"GET"; http_method; content:"/access/remote%20access-macos-intel-offline.dmg|3f|language=en"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"45.61.151.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792532/; classtype:trojan-activity;sid:84655632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792529)"; flow:established,from_client; content:"GET"; http_method; content:"/access/remote%20access-macos-offline.dmg|3f|language=en"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"144.172.91.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792529/; classtype:trojan-activity;sid:84655629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792527)"; flow:established,from_client; content:"GET"; http_method; content:"/access/remote%20access-macos-offline.dmg|3f|language=en"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"bulledesophros.top"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792527/; classtype:trojan-activity;sid:84655627; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792526)"; flow:established,from_client; content:"GET"; http_method; content:"/access/jwrapper-windows64jre-00063527423-archive.p2.l2"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"home-client-online-stetament.webredirect.org"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792526/; classtype:trojan-activity;sid:84655626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792525)"; flow:established,from_client; content:"GET"; http_method; content:"/access/remote%20access-windows64-offline.exe|3f|language=en"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"144.172.91.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792525/; classtype:trojan-activity;sid:84655625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792521)"; flow:established,from_client; content:"GET"; http_method; content:"/access/jwrapper-windows64jre-00084000053-archive.p2.l2"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"np.simpleuseai.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792521/; classtype:trojan-activity;sid:84655621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792522)"; flow:established,from_client; content:"GET"; http_method; content:"/ukc/adobe.clientsetup.msi"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ov.uqoo.nl"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792522/; classtype:trojan-activity;sid:84655622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3792523)"; flow:established,from_client; content:"GET"; http_method; content:"/access/jwrapper-windows64jre-00063527423-archive.p2.l2"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"216.126.225.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792523/; classtype:trojan-activity;sid:84655623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792524)"; flow:established,from_client; content:"GET"; http_method; content:"/access/jwrapper-windows64jre-00063527423-archive.p2.l2"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"x.tlpoe.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792524/; classtype:trojan-activity;sid:84655624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792520)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/download.php/"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"us04web.zoom.us.pacl.us"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792520/; classtype:trojan-activity;sid:84655620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792519)"; flow:established,from_client; content:"GET"; http_method; content:"/access/jwrapper-windows64jre-00063527423-archive.p2.l2"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"144.172.107.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792519/; classtype:trojan-activity;sid:84655619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792517)"; flow:established,from_client; content:"GET"; http_method; 
content:"/access/jwrapper-remote%20access-00095171921-archive.p2.l2"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"np.simpleuseai.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792517/; classtype:trojan-activity;sid:84655617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792518)"; flow:established,from_client; content:"GET"; http_method; content:"/windows"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"download-app-service-conect.info"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792518/; classtype:trojan-activity;sid:84655618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792514)"; flow:established,from_client; content:"GET"; http_method; content:"/machine-1770334361325|3f|ping=0b04034dcb70010b00011753475f2d3633343630353535343030353136333438383500010131000103352e3207ee0206019c302696ed00011a5353756974652d352d322d32303230303630332d3131343630320001106663356364313165643838306332386608000200020001010b"; http_uri; depth:253; isdataat:!1,relative; nocase; content:"172.86.89.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792514/; classtype:trojan-activity;sid:84655614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792515)"; flow:established,from_client; content:"GET"; http_method; content:"/machine-1770334355241|3f|ping=0b04034dcb70010b00011753475f2d3633343630353535343030353136333438383500010131000103352e3207ee0206019c30267f2f00011a5353756974652d352d322d32303230303630332d31313436303200010e6e6f206d6174636820666f756e6408000200020001010b"; http_uri; depth:249; isdataat:!1,relative; nocase; content:"172.86.89.253"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792515/; classtype:trojan-activity;sid:84655615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792516)"; flow:established,from_client; content:"GET"; http_method; content:"/egydeal.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"egydeals.store"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792516/; classtype:trojan-activity;sid:84655616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792511)"; flow:established,from_client; content:"GET"; http_method; content:"/access/jwrapper-remote%20access-00075795303-archive.p2.l2"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"x.tlpoe.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792511/; classtype:trojan-activity;sid:84655611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792512)"; flow:established,from_client; content:"GET"; http_method; content:"/access/jwrapper-remote%20access_os_jwwin-00075795303-archive.p2.l2"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"agent-client-stoarge.webredirect.org"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792512/; classtype:trojan-activity;sid:84655612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792513)"; flow:established,from_client; content:"GET"; http_method; 
content:"/machine-1770334354275|3f|ping=0b04034dcb70010b00011753475f2d3633343630353535343030353136333438383500010131000103352e3207ee0206019c30267b6900011a5353756974652d352d322d32303230303630332d3131343630320004ffffff8508000200020001010b/lossyproc|3f|rand=0.65923539723784630.9375677345858592"; http_uri; depth:282; isdataat:!1,relative; nocase; content:"172.86.89.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792513/; classtype:trojan-activity;sid:84655613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792510)"; flow:established,from_client; content:"GET"; http_method; content:"/la/adobe.clientsetup.msi"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ovv.uqoo.nl"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792510/; classtype:trojan-activity;sid:84655610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792509)"; flow:established,from_client; content:"GET"; http_method; content:"/a/adobe.clientsetup.msi"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"dmv.uqoo.nl"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792509/; classtype:trojan-activity;sid:84655609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792507)"; flow:established,from_client; content:"GET"; http_method; content:"/access/jwrapper-remote%20access-00075795303-archive.p2.l2"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"home-client-online-stetament.webredirect.org"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792507/; classtype:trojan-activity;sid:84655607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3792508)"; flow:established,from_client; content:"GET"; http_method; content:"/access/jwrapper-remote%20access_winutils64-00075795303-archive.p2.l2"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"agent-client-stoarge.webredirect.org"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792508/; classtype:trojan-activity;sid:84655608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792506)"; flow:established,from_client; content:"GET"; http_method; content:"/access/jwrapper-remote%20access_os_jwwin64-00095171921-archive.p2.l2"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"np.simpleuseai.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792506/; classtype:trojan-activity;sid:84655606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792503)"; flow:established,from_client; content:"GET"; http_method; content:"/access/jwrapper-remote%20access_os_jwwin-00075795303-archive.p2.l2"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"home-client-online-stetament.webredirect.org"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792503/; classtype:trojan-activity;sid:84655603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792504)"; flow:established,from_client; content:"GET"; http_method; content:"/access/jwrapper-remote%20access-00075795303-archive.p2.l2"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"216.126.225.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792504/; classtype:trojan-activity;sid:84655604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3792505)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/download.php/"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"us06web.zoom.us.chsh.us"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792505/; classtype:trojan-activity;sid:84655605; rev:1;)
# Triage notes for this group:
#   * The "/windows/download.php/" rules (the one ending on the line above and
#     3792499 below) match hosts whose left-most labels read "us06web.zoom...", but
#     the names end in chsh.us and hiaa.us. When reviewing an alert, judge the host by
#     its right-most labels, not by the brand string embedded on the left.
#   * Each rule matches one exact host + path pair (depth:N with isdataat:!1,relative
#     on both buffers), so a sibling hostname under the same parent is not covered
#     until the feed lists it.
#   * NOTE(review): the two jwrapper rules below carry a literal "%20" in an http_uri
#     pattern. http_uri is the normalized URI buffer; if percent-escapes are decoded
#     during normalization these patterns presumably cannot match, and the raw-URI
#     buffer (http_raw_uri) would be the one holding "%20". Verify with a replayed
#     capture.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792501)"; flow:established,from_client; content:"GET"; http_method; content:"/access/jwrapper-remote%20access_winutils64-00075795303-archive.p2.l2"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"home-client-online-stetament.webredirect.org"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792501/; classtype:trojan-activity;sid:84655601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792502)"; flow:established,from_client; content:"GET"; http_method; content:"/access/jwrapper-remote%20access_os_jwwin-00075795303-archive.p2.l2"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"x.tlpoe.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792502/; classtype:trojan-activity;sid:84655602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792499)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/download.php/"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"us06web.zoom.hiaa.us"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792499/; classtype:trojan-activity;sid:84655599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792500)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bt/init.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"216.126.239.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792500/; classtype:trojan-activity;sid:84655600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792498)"; flow:established,from_client; content:"GET"; http_method; content:"/access/jwrapper-remote%20access-00075795303-archive.p2.l2"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"agent-client-stoarge.webredirect.org"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792498/; classtype:trojan-activity;sid:84655598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792497)"; flow:established,from_client; content:"GET"; http_method; content:"/access/jwrapper-remote%20access-00075795303-archive.p2.l2"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"144.172.107.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792497/; classtype:trojan-activity;sid:84655597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792496)"; flow:established,from_client; content:"GET"; http_method; content:"/access/jwrapper-remote%20access_winutils64-00095171921-archive.p2.l2"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"np.simpleuseai.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792496/; classtype:trojan-activity;sid:84655596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792488)"; flow:established,from_client; content:"GET"; http_method; 
content:"/beacon_encrypted.bin"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"144.172.110.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792488/; classtype:trojan-activity;sid:84655588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792489)"; flow:established,from_client; content:"GET"; http_method; content:"/access/jwrapper-remote%20access_os_jwwin-00075795303-archive.p2.l2"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"144.172.107.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792489/; classtype:trojan-activity;sid:84655589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792490)"; flow:established,from_client; content:"GET"; http_method; content:"/encrypt.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"casadoserralheirosaocarlos.com.br"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792490/; classtype:trojan-activity;sid:84655590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792491)"; flow:established,from_client; content:"GET"; http_method; content:"/webdav_server.py"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"216.126.239.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792491/; classtype:trojan-activity;sid:84655591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792492)"; flow:established,from_client; content:"GET"; http_method; content:"/ezo0hjktpwyaizsj86zntazdnbqb3jfjrh2qin0yzkkczcchqlrxoftnll8sw64h_nj8kmljo7qz5ppdzk-qgxm4l7zmhr1dsedr/"; http_uri; depth:102; isdataat:!1,relative; nocase; 
content:"216.126.236.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792492/; classtype:trojan-activity;sid:84655592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792493)"; flow:established,from_client; content:"GET"; http_method; content:"/winlocker/autoupdate/gamelauncher.ini|3f|ver=1.3.0.20"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"proxy005.vgate.app"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792493/; classtype:trojan-activity;sid:84655593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792494)"; flow:established,from_client; content:"GET"; http_method; content:"/access/jwrapper-remote%20access_winutils64-00075795303-archive.p2.l2"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"x.tlpoe.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792494/; classtype:trojan-activity;sid:84655594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792495)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/a.txt.vbs"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"files.wintestwin.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792495/; classtype:trojan-activity;sid:84655595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792486)"; flow:established,from_client; content:"GET"; http_method; content:"/access/jwrapper-remote%20access_os_jwwin-00075795303-archive.p2.l2"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"216.126.225.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2026_03_08; reference:url, urlhaus.abuse.ch/url/3792486/; classtype:trojan-activity;sid:84655586; rev:1;)
# NOTE(review), sid 84655587: the URI pattern carries a literal "%20" but is matched
# with http_uri, the normalized URI buffer, where percent-escapes are normally already
# decoded ("%20" -> space). depth:69 is the length of the encoded form. As written the
# rule may not fire on the listed URL -- confirm by replaying a sample request. If it
# misses, keep a local copy under a local sid that matches "|20|" with depth:67, or
# matches the raw buffer (http_raw_uri) instead.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792487)"; flow:established,from_client; content:"GET"; http_method; content:"/access/jwrapper-remote%20access_winutils64-00075795303-archive.p2.l2"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"216.126.225.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792487/; classtype:trojan-activity;sid:84655587; rev:1;)
# NOTE(review), sids 84655584 and 84655585: "|3f|" is a single byte ("?"), so each URI
# pattern is 250 bytes long, yet depth is 253 -- it looks as if depth was counted on the
# rule text rather than on the decoded pattern. The listed URLs still match; the pattern
# is just not pinned to offset 0 (up to 3 leading bytes are tolerated).
# The two patterns differ only in the number after "/machine-" and in a few hex digits
# of the ping value, i.e. each rule matches one specific request string; presumably
# other values of those fields would not be caught by either rule -- TODO confirm
# against the URLhaus entries before relying on these for coverage of that host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792484)"; flow:established,from_client; content:"GET"; http_method; content:"/machine-1770334356004|3f|ping=0b04034dcb70010b00011753475f2d3633343630353535343030353136333438383500010131000103352e3207ee0206019c3026822400011a5353756974652d352d322d32303230303630332d3131343630320001106663356364313165643838306332386608000200020001010b"; http_uri; depth:253; isdataat:!1,relative; nocase; content:"172.86.89.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792484/; classtype:trojan-activity;sid:84655584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792485)"; flow:established,from_client; content:"GET"; http_method; content:"/machine-1770334393741|3f|ping=0b04034dcb70010b00011753475f2d3633343630353535343030353136333438383500010131000103352e3207ee0206019c3027158d00011a5353756974652d352d322d32303230303630332d3131343630320001106663356364313165643838306332386608000200020001010b"; http_uri; depth:253; isdataat:!1,relative; nocase; content:"172.86.89.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792485/; classtype:trojan-activity;sid:84655585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3792483)"; flow:established,from_client; content:"GET"; http_method; content:"/winlocker/autoupdate/gamelauncher.ini|3f|ver=1.3.0.20/"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"proxy005.vgate.app"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792483/; classtype:trojan-activity;sid:84655583; rev:1;)
# NOTE(review), rule ending on the line above (sid 84655583): "|3f|" is a single byte
# ("?"), so the URI pattern is 52 bytes long, yet depth is 55 -- it looks as if depth was
# counted on the rule text rather than on the decoded pattern. The listed URL still
# matches; the pattern is just not pinned to offset 0 (up to 3 leading bytes are
# tolerated). A locally maintained copy would use depth:52.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792482)"; flow:established,from_client; content:"GET"; http_method; content:"/ezo0hjktpwyaizsj87uozwve3wvhpkn9x9ojr5dtnpwyrk1sbsk_bezqik_bgpbf06njgotxhodd0zxerxmkkzgmfjhd6bcpdxbk9tp7jnx2zqz/"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"216.126.236.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792482/; classtype:trojan-activity;sid:84655582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792479)"; flow:established,from_client; content:"GET"; http_method; content:"/phishing/"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"216.126.239.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792479/; classtype:trojan-activity;sid:84655579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792480)"; flow:established,from_client; content:"GET"; http_method; content:"/ezo0hjktpwyaizsj84zzgw84qzivrb_fi4xfdrmii5/"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"216.126.236.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792480/; classtype:trojan-activity;sid:84655580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792481)"; 
flow:established,from_client; content:"GET"; http_method; content:"/ezo0hjktpwyaizsj87uo5qrjsga9zyu2mmr4qayhxp0xa9mdpw78cpq3zzi0fojzrhoe/"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"216.126.236.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792481/; classtype:trojan-activity;sid:84655581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.238.189.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792478/; classtype:trojan-activity;sid:84655578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792477)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cone-way.conesemison.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792477/; classtype:trojan-activity;sid:84655577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792476)"; flow:established,from_client; content:"GET"; http_method; content:"/new/k.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"crm.razatelefonia.pro"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792476/; classtype:trojan-activity;sid:84655576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792475)"; flow:established,from_client; content:"GET"; http_method; content:"/new/c"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"crm.razatelefonia.pro"; http_host; depth:21; 
isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792475/; classtype:trojan-activity;sid:84655575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792474)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrget.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792474/; classtype:trojan-activity;sid:84655574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792473)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"meow-run.boynitsameow.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792473/; classtype:trojan-activity;sid:84655573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792472)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"boy-net.boynitsameow.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792472/; classtype:trojan-activity;sid:84655572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.161.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792471/; classtype:trojan-activity;sid:84655571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3792470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.31.189.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792470/; classtype:trojan-activity;sid:84655570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.227.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792469/; classtype:trojan-activity;sid:84655569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.209.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792468/; classtype:trojan-activity;sid:84655568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792467)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"boy-site.boynitsameow.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792467/; classtype:trojan-activity;sid:84655567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792466)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cleav-base.bobikcleavage.in.net"; http_host; depth:31; isdataat:!1,relative; 
metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792466/; classtype:trojan-activity;sid:84655566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.119.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792465/; classtype:trojan-activity;sid:84655565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792464)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"bobik-sys.bobikcleavage.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792464/; classtype:trojan-activity;sid:84655564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.106.241.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792463/; classtype:trojan-activity;sid:84655563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792462)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cleav-v6.bobikcleavage.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792462/; classtype:trojan-activity;sid:84655562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3792461)"; flow:established,from_client; content:"GET"; http_method; content:"/app/download.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"app.enekora.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792461/; classtype:trojan-activity;sid:84655561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792460)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"bobik-peak.bobikcleavage.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792460/; classtype:trojan-activity;sid:84655560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792459)"; flow:established,from_client; content:"GET"; http_method; content:"/download/gitlol"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"fuckcartel.icu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792459/; classtype:trojan-activity;sid:84655559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792458)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"silen-node.amperesilence.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792458/; classtype:trojan-activity;sid:84655558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.186.130"; http_host; depth:15; 
isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792457/; classtype:trojan-activity;sid:84655557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.186.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792456/; classtype:trojan-activity;sid:84655556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792455)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"amp-hub.amperesilence.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792455/; classtype:trojan-activity;sid:84655555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792454)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"silen-v05.amperesilence.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792454/; classtype:trojan-activity;sid:84655554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792453)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"amp-vault.amperesilence.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792453/; classtype:trojan-activity;sid:84655553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3792452)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sing-data.limbsingle.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792452/; classtype:trojan-activity;sid:84655552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.66.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792451/; classtype:trojan-activity;sid:84655551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792450)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"limb-sync.limbsingle.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792450/; classtype:trojan-activity;sid:84655550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.178.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792449/; classtype:trojan-activity;sid:84655549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.119.111"; http_host; depth:15; 
isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792448/; classtype:trojan-activity;sid:84655548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792447)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.194.92.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792447/; classtype:trojan-activity;sid:84655547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792444)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.194.92.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792444/; classtype:trojan-activity;sid:84655544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792445)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bobnet.exiled.fit"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792445/; classtype:trojan-activity;sid:84655545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792446)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.194.92.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792446/; classtype:trojan-activity;sid:84655546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792443)"; 
flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.194.92.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792443/; classtype:trojan-activity;sid:84655543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792442)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bobnet.exiled.fit"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792442/; classtype:trojan-activity;sid:84655542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792428)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.194.92.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792428/; classtype:trojan-activity;sid:84655528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792429)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bobnet.exiled.fit"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792429/; classtype:trojan-activity;sid:84655529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792430)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.194.92.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, 
urlhaus.abuse.ch/url/3792430/; classtype:trojan-activity;sid:84655530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792431)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.194.92.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792431/; classtype:trojan-activity;sid:84655531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792432)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bobnet.exiled.fit"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792432/; classtype:trojan-activity;sid:84655532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792433)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bobnet.exiled.fit"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792433/; classtype:trojan-activity;sid:84655533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792434)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"bobnet.exiled.fit"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792434/; classtype:trojan-activity;sid:84655534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792435)"; flow:established,from_client; content:"GET"; http_method; 
content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bobnet.exiled.fit"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792435/; classtype:trojan-activity;sid:84655535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792436)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.194.92.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792436/; classtype:trojan-activity;sid:84655536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792437)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.194.92.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792437/; classtype:trojan-activity;sid:84655537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792438)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bobnet.exiled.fit"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792438/; classtype:trojan-activity;sid:84655538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792439)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.194.92.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792439/; classtype:trojan-activity;sid:84655539; rev:1;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792440)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bobnet.exiled.fit"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792440/; classtype:trojan-activity;sid:84655540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792441)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bobnet.exiled.fit"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792441/; classtype:trojan-activity;sid:84655541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792427)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bobnet.exiled.fit"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792427/; classtype:trojan-activity;sid:84655527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792426)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sing-v44.limbsingle.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792426/; classtype:trojan-activity;sid:84655526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792425)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; 
isdataat:!1,relative; nocase; content:"limb-core.limbsingle.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792425/; classtype:trojan-activity;sid:84655525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792424)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"seni-edge.oakumsenile.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792424/; classtype:trojan-activity;sid:84655524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.127.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792423/; classtype:trojan-activity;sid:84655523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792422)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"oakum-unit.oakumsenile.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792422/; classtype:trojan-activity;sid:84655522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792421)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.66.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792421/; classtype:trojan-activity;sid:84655521; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.178.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792420/; classtype:trojan-activity;sid:84655520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792419)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"seni-v3.oakumsenile.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792419/; classtype:trojan-activity;sid:84655519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792418)"; flow:established,from_client; content:"GET"; http_method; content:"/arm-linux-musleabi"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"140.233.190.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792418/; classtype:trojan-activity;sid:84655518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792417)"; flow:established,from_client; content:"GET"; http_method; content:"/armel-linux-musleabihf"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"140.233.190.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792417/; classtype:trojan-activity;sid:84655517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792413)"; flow:established,from_client; content:"GET"; http_method; content:"/armeb-linux-musleabihf"; http_uri; 
depth:23; isdataat:!1,relative; nocase; content:"140.233.190.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792413/; classtype:trojan-activity;sid:84655513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792414)"; flow:established,from_client; content:"GET"; http_method; content:"/armeb-linux-musleabi"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"140.233.190.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792414/; classtype:trojan-activity;sid:84655514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792415)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7r-linux-musleabihf"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"140.233.190.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792415/; classtype:trojan-activity;sid:84655515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792416)"; flow:established,from_client; content:"GET"; http_method; content:"/armel-linux-musleabi"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"140.233.190.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792416/; classtype:trojan-activity;sid:84655516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792409)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l-linux-musleabi"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"140.233.190.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792409/; 
classtype:trojan-activity;sid:84655509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792410)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6-linux-musleabi"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"140.233.190.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792410/; classtype:trojan-activity;sid:84655510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792411)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l-linux-musleabihf"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"140.233.190.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792411/; classtype:trojan-activity;sid:84655511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792412)"; flow:established,from_client; content:"GET"; http_method; content:"/arm-linux-musleabihf"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"140.233.190.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792412/; classtype:trojan-activity;sid:84655512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792406)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l-linux-musleabihf"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"140.233.190.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792406/; classtype:trojan-activity;sid:84655506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792407)"; flow:established,from_client; content:"GET"; http_method; 
content:"/armv6-linux-musleabihf"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"140.233.190.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792407/; classtype:trojan-activity;sid:84655507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792408)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7m-linux-musleabi"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"140.233.190.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792408/; classtype:trojan-activity;sid:84655508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792405)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"oakum-gate.oakumsenile.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792405/; classtype:trojan-activity;sid:84655505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.225.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792404/; classtype:trojan-activity;sid:84655504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.111.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792403/; 
classtype:trojan-activity;sid:84655503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792402)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"foll-flow.excitfollower.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792402/; classtype:trojan-activity;sid:84655502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792401)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"excit-net.excitfollower.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792401/; classtype:trojan-activity;sid:84655501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.45.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792399/; classtype:trojan-activity;sid:84655499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.22.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792400/; classtype:trojan-activity;sid:84655500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; 
http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.121.83.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792398/; classtype:trojan-activity;sid:84655498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792397)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"foll-v12.excitfollower.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792397/; classtype:trojan-activity;sid:84655497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.229.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792396/; classtype:trojan-activity;sid:84655496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.81.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792395/; classtype:trojan-activity;sid:84655495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792394)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"excit-hub.excitfollower.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792394/; 
classtype:trojan-activity;sid:84655494; rev:1;)
# Rules below are restored to one rule per line. Each one matches a GET request whose URI and
# Host both equal the listed strings exactly: `depth:N` is the string length and
# `isdataat:!1,relative` requires that no byte follows the match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792393)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"nord-base.navignord.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792393/; classtype:trojan-activity;sid:84655493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792392)"; flow:established,from_client; content:"GET"; http_method; content:"/filearchiver.rar"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"zverda.space"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792392/; classtype:trojan-activity;sid:84655492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.56.232.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792390/; classtype:trojan-activity;sid:84655490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792389)"; flow:established,from_client; content:"GET"; http_method; content:"/load.ps1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"zxjasjkask1992.sbs"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792389/; classtype:trojan-activity;sid:84655489; rev:1;)
# NOTE(review): the next two rules name a shared code-hosting platform as Host
# (raw.githubusercontent.com, github.com). Those hosts are normally reached over HTTPS, so an
# `alert http` rule sees the request only where TLS is decrypted in front of the sensor.
# Without that visibility, cover these URLs from proxy or endpoint telemetry instead.
# The signal is the URI path; the Host alone is benign and must not be turned into a
# host-level block or alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792388)"; flow:established,from_client; content:"GET"; http_method; content:"/even88813-hash/anticheat/main/scottish/software_2.2.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792388/; classtype:trojan-activity;sid:84655488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792387)"; flow:established,from_client; content:"GET"; http_method; content:"/even88813-hash/anticheat/raw/refs/heads/main/scottish/software_2.2.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792387/; classtype:trojan-activity;sid:84655487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792386)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"navig-sync.navignord.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792386/; classtype:trojan-activity;sid:84655486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.22.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792385/; classtype:trojan-activity;sid:84655485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792384)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"nord-v01.navignord.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792384/; classtype:trojan-activity;sid:84655484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.121.83.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792383/; classtype:trojan-activity;sid:84655483; rev:1;)
# Another github.com entry (a release asset path); the HTTPS-visibility and shared-host
# caveats above apply here as well.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792382)"; flow:established,from_client; content:"GET"; http_method; content:"/sof1st1s/astralis-client/releases/download/1.0.3/astralis.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792382/; classtype:trojan-activity;sid:84655482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792381)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"navig-node.navignord.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792381/; classtype:trojan-activity;sid:84655481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.229.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792380/; classtype:trojan-activity;sid:84655480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3792379)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"fr4me-hinge.breezefield.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792379/; classtype:trojan-activity;sid:84655479; rev:1;)
# Rules below are restored to one rule per line.
# - The `/verification.google` entries in this group differ only in Host, and the hosts are
#   subdomains of two parent domains (breezefield.in.net, harborcliff.in.net). The Host match is
#   exact (`depth` = string length, then `isdataat:!1,relative`), so a sibling subdomain that is
#   not listed raises no alert. NOTE(review): complement these rules with DNS or proxy
#   monitoring of the parent domains rather than relying on per-host entries alone.
# - The `/i` entries use an IP literal as Host. The match is made on the HTTP Host header, not
#   on the packet's destination address (`$EXTERNAL_NET any`), so the alert's destination IP
#   can differ from the listed address when the request passes through a forward proxy.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.81.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792378/; classtype:trojan-activity;sid:84655478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792377)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"royalstream.breezefield.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792377/; classtype:trojan-activity;sid:84655477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792376)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"packecle.breezefield.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792376/; classtype:trojan-activity;sid:84655476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.135.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792375/; classtype:trojan-activity;sid:84655475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792374)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hollowcatalog.breezefield.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792374/; classtype:trojan-activity;sid:84655474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792373)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"5un-craft.harborcliff.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792373/; classtype:trojan-activity;sid:84655473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.65.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792372/; classtype:trojan-activity;sid:84655472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792371)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"1ayo-route.harborcliff.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792371/; classtype:trojan-activity;sid:84655471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.181.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792370/; classtype:trojan-activity;sid:84655470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792369)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"eenlgmi.harborcliff.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792369/; classtype:trojan-activity;sid:84655469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792368)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"live-coupo.harborcliff.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792368/; classtype:trojan-activity;sid:84655468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.239.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792367/; classtype:trojan-activity;sid:84655467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"61.53.135.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792366/; classtype:trojan-activity;sid:84655466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.65.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792365/; classtype:trojan-activity;sid:84655465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792364)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kelnex2or.summitgrove.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792364/; classtype:trojan-activity;sid:84655464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.203.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792363/; classtype:trojan-activity;sid:84655463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.81.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792362/; classtype:trojan-activity;sid:84655462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3792361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.203.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792361/; classtype:trojan-activity;sid:84655461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.43.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792359/; classtype:trojan-activity;sid:84655459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.245.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792360/; classtype:trojan-activity;sid:84655460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792358)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mpthp.summitgrove.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792358/; classtype:trojan-activity;sid:84655458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.78.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, 
urlhaus.abuse.ch/url/3792357/; classtype:trojan-activity;sid:84655457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792356)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"reedfreigh.summitgrove.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792356/; classtype:trojan-activity;sid:84655456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792355)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"granit3-beam.summitgrove.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792355/; classtype:trojan-activity;sid:84655455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.173.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792354/; classtype:trojan-activity;sid:84655454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792353)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"extendnode.granitevalley.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792353/; classtype:trojan-activity;sid:84655453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792352)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.245.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792352/; classtype:trojan-activity;sid:84655452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792351)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"34lhj33.granitevalley.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792351/; classtype:trojan-activity;sid:84655451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.229.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792350/; classtype:trojan-activity;sid:84655450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.127.226.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792349/; classtype:trojan-activity;sid:84655449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792348)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"valspro.granitevalley.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_08; 
reference:url, urlhaus.abuse.ch/url/3792348/; classtype:trojan-activity;sid:84655448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.43.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792347/; classtype:trojan-activity;sid:84655447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792346)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7824924311/u0j9mv7.msi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792346/; classtype:trojan-activity;sid:84655446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792345)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"notifierflame.granitevalley.in.net"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792345/; classtype:trojan-activity;sid:84655445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.238.189.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792344/; classtype:trojan-activity;sid:84655444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792343)"; flow:established,from_client; 
content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.81.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792343/; classtype:trojan-activity;sid:84655443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.157.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792342/; classtype:trojan-activity;sid:84655442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.61.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792339/; classtype:trojan-activity;sid:84655439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.45.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792340/; classtype:trojan-activity;sid:84655440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.248.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792341/; classtype:trojan-activity;sid:84655441; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.220.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792338/; classtype:trojan-activity;sid:84655438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.192.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792337/; classtype:trojan-activity;sid:84655437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.229.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792336/; classtype:trojan-activity;sid:84655436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792335)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kel-meshet.thunderplain.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792335/; classtype:trojan-activity;sid:84655435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792334)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; 
content:"tlccjre.thunderplain.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792334/; classtype:trojan-activity;sid:84655434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.242.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792333/; classtype:trojan-activity;sid:84655433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.85.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792332/; classtype:trojan-activity;sid:84655432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.91.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792331/; classtype:trojan-activity;sid:84655431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792330)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"bundleroug.thunderplain.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792330/; classtype:trojan-activity;sid:84655430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3792329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.248.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792329/; classtype:trojan-activity;sid:84655429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.3.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792328/; classtype:trojan-activity;sid:84655428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792327)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hfze93t5.autumnbrook.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792327/; classtype:trojan-activity;sid:84655427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.192.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792326/; classtype:trojan-activity;sid:84655426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.91.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 
2026_03_08; reference:url, urlhaus.abuse.ch/url/3792325/; classtype:trojan-activity;sid:84655425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.3.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792324/; classtype:trojan-activity;sid:84655424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792323)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"quormarkis8.autumnbrook.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792323/; classtype:trojan-activity;sid:84655423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.243.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792322/; classtype:trojan-activity;sid:84655422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792321)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"4uzr61.autumnbrook.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792321/; classtype:trojan-activity;sid:84655421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792320)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.125.241.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792320/; classtype:trojan-activity;sid:84655420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.85.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792319/; classtype:trojan-activity;sid:84655419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792318)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"trinexex5.autumnbrook.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792318/; classtype:trojan-activity;sid:84655418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.242.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792317/; classtype:trojan-activity;sid:84655417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.87.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, 
urlhaus.abuse.ch/url/3792316/; classtype:trojan-activity;sid:84655416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792315)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"e2yy59.silvermeadow.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792315/; classtype:trojan-activity;sid:84655415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.194.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792314/; classtype:trojan-activity;sid:84655414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792313)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"eopulls.silvermeadow.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792313/; classtype:trojan-activity;sid:84655413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.84.222.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792312/; classtype:trojan-activity;sid:84655412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792311)"; flow:established,from_client; content:"GET"; 
http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"spooldiscover.silvermeadow.in.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792311/; classtype:trojan-activity;sid:84655411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.220.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792310/; classtype:trojan-activity;sid:84655410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.125.241.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792309/; classtype:trojan-activity;sid:84655409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792308)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"shafun.silvermeadow.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792308/; classtype:trojan-activity;sid:84655408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.174.147.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792307/; 
classtype:trojan-activity;sid:84655407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.230.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792306/; classtype:trojan-activity;sid:84655406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.194.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792305/; classtype:trojan-activity;sid:84655405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.174.147.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792304/; classtype:trojan-activity;sid:84655404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792303)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"clipwes.crimsonridge.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792303/; classtype:trojan-activity;sid:84655403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"42.232.225.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792302/; classtype:trojan-activity;sid:84655402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.252.242.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792301/; classtype:trojan-activity;sid:84655401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.206.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792300/; classtype:trojan-activity;sid:84655400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792299)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"gr1m-mark.crimsonridge.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792299/; classtype:trojan-activity;sid:84655399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.84.222.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792298/; classtype:trojan-activity;sid:84655398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3792297)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hub-path.crimsonridge.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792297/; classtype:trojan-activity;sid:84655397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.230.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792296/; classtype:trojan-activity;sid:84655396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792295)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"g755rs.crimsonridge.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792295/; classtype:trojan-activity;sid:84655395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.133.100.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792294/; classtype:trojan-activity;sid:84655394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792293)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; 
content:"taltideal3.emberfield.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792293/; classtype:trojan-activity;sid:84655393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.54.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792292/; classtype:trojan-activity;sid:84655392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.54.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792291/; classtype:trojan-activity;sid:84655391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792290)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"oas1-sheet.emberfield.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792290/; classtype:trojan-activity;sid:84655390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792289)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"norfluxex2.emberfield.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792289/; classtype:trojan-activity;sid:84655389; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.252.242.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792288/; classtype:trojan-activity;sid:84655388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792287)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"v16m.emberfield.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792287/; classtype:trojan-activity;sid:84655387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.206.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792286/; classtype:trojan-activity;sid:84655386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792285)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"xg38z.dawnforest.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792285/; classtype:trojan-activity;sid:84655385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.96.26"; http_host; 
depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792284/; classtype:trojan-activity;sid:84655384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.20.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792283/; classtype:trojan-activity;sid:84655383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.177.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792282/; classtype:trojan-activity;sid:84655382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792281)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"norven7en.dawnforest.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792281/; classtype:trojan-activity;sid:84655381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792280)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8546791173/h8eefno.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792280/; classtype:trojan-activity;sid:84655380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3792279)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"carrierloose.dawnforest.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792279/; classtype:trojan-activity;sid:84655379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792278)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"inkcarry.dawnforest.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792278/; classtype:trojan-activity;sid:84655378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.6.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792277/; classtype:trojan-activity;sid:84655377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.84.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792276/; classtype:trojan-activity;sid:84655376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792275)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"binaryscale.overtmantram.in.net"; http_host; depth:31; 
isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792275/; classtype:trojan-activity;sid:84655375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.20.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792274/; classtype:trojan-activity;sid:84655374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792273)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sparrowmerg.overtmantram.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792273/; classtype:trojan-activity;sid:84655373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.177.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792272/; classtype:trojan-activity;sid:84655372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792271)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"proto-p45s.overtmantram.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792271/; classtype:trojan-activity;sid:84655371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3792270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.24.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792270/; classtype:trojan-activity;sid:84655370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792269)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"neo-5tor.overtmantram.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792269/; classtype:trojan-activity;sid:84655369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792268)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"fgklagg.goodtime.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792268/; classtype:trojan-activity;sid:84655368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.210.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792267/; classtype:trojan-activity;sid:84655367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.210.180"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792266/; classtype:trojan-activity;sid:84655366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792265)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hyp3r-stream.goodtime.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792265/; classtype:trojan-activity;sid:84655365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.137.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792264/; classtype:trojan-activity;sid:84655364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792263)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ledger5-well.goodtime.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792263/; classtype:trojan-activity;sid:84655363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.26.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792262/; classtype:trojan-activity;sid:84655362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792261)"; 
flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sync-sys.goodtime.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792261/; classtype:trojan-activity;sid:84655361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792260/; classtype:trojan-activity;sid:84655360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792259)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7903503838/isxodfn.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792259/; classtype:trojan-activity;sid:84655359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792258)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"audiocast.conesemison.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792258/; classtype:trojan-activity;sid:84655358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.26.177"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792257/; classtype:trojan-activity;sid:84655357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.82.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792256/; classtype:trojan-activity;sid:84655356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792255)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tri-venor.conesemison.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792255/; classtype:trojan-activity;sid:84655355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792254)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"81mtae9.conesemison.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792254/; classtype:trojan-activity;sid:84655354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.187.68.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792253/; classtype:trojan-activity;sid:84655353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792252)"; 
flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"grovv4-node.conesemison.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792252/; classtype:trojan-activity;sid:84655352; rev:1;)
# NOTE(review): the URI pattern in the next rule decodes to 38 bytes (|3f| and each |7c|
# are one byte apiece), but its depth is 53, which is the character count of the escaped
# text. With 15 bytes of slack the match is no longer pinned to the start of the URI; only
# isdataat:!1,relative still pins its end. The neighbouring rules all have depth equal to
# the pattern length.
# NOTE(review): each |7c|26|7c| run decodes to the literal text "|26|". That looks like an
# already hex-escaped "&" whose pipe characters were escaped a second time -- TODO confirm
# against the URLhaus entry in the reference. If so, the rule as written would not match
# the listed URL and the pattern needs regenerating from the source record.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792251)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=igiradjvetwzjgzh"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"tquq11g4.colitishatred.digital"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792251/; classtype:trojan-activity;sid:84655351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.89.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792250/; classtype:trojan-activity;sid:84655350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.99.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792249/; classtype:trojan-activity;sid:84655349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792247)"; flow:established,from_client; content:"GET"; http_method; content:"/cnctest"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792247/; classtype:trojan-activity;sid:84655347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792248)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_windows.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792248/; classtype:trojan-activity;sid:84655348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792246)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"im4g-path.boynitsameow.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792246/; classtype:trojan-activity;sid:84655346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.126.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792245/; classtype:trojan-activity;sid:84655345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.210.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792244/; classtype:trojan-activity;sid:84655344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792243)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.15.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792243/; classtype:trojan-activity;sid:84655343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792242)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"9smjiz.boynitsameow.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792242/; classtype:trojan-activity;sid:84655342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792241)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"harddense.boynitsameow.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792241/; classtype:trojan-activity;sid:84655341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.110.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792240/; classtype:trojan-activity;sid:84655340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.235.139.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; 
reference:url, urlhaus.abuse.ch/url/3792238/; classtype:trojan-activity;sid:84655338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.89.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792239/; classtype:trojan-activity;sid:84655339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.210.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792237/; classtype:trojan-activity;sid:84655337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.28.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792236/; classtype:trojan-activity;sid:84655336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.99.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792235/; classtype:trojan-activity;sid:84655335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792234)"; flow:established,from_client; content:"GET"; http_method; 
content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sp115-index.bobikcleavage.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792234/; classtype:trojan-activity;sid:84655334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.143.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792233/; classtype:trojan-activity;sid:84655333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.115.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792232/; classtype:trojan-activity;sid:84655332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792231)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"qhye.bobikcleavage.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792231/; classtype:trojan-activity;sid:84655331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.176.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792230/; 
classtype:trojan-activity;sid:84655330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792229)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cr3s9-mesh.bobikcleavage.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792229/; classtype:trojan-activity;sid:84655329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.28.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792228/; classtype:trojan-activity;sid:84655328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792227)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"1n5igh6-lab.bobikcleavage.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792227/; classtype:trojan-activity;sid:84655327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.29.117"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792226/; classtype:trojan-activity;sid:84655326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792225)"; flow:established,from_client; content:"GET"; http_method; 
content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mvxc.amperesilence.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792225/; classtype:trojan-activity;sid:84655325; rev:1;)
# NOTE(review): the entries that follow share one host, 172.86.68.175, with a different
# path per entry. When triaging, correlate alerts by destination host instead of treating
# each sid as an unrelated event.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792189)"; flow:established,from_client; content:"GET"; http_method; content:"/ngao13/aj3iwhqk6/orlkx"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792189/; classtype:trojan-activity;sid:84655289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792190)"; flow:established,from_client; content:"GET"; http_method; content:"/lvul/pfa1suy7/8ihktx9b"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792190/; classtype:trojan-activity;sid:84655290; rev:1;)
# NOTE(review): the host pattern in the next rule is "www." followed by an IP literal, so
# it fires only when the client sends exactly that Host value. The same path on the bare
# address has its own entry (3792216) -- presumably both forms were submitted to URLhaus;
# verify against the referenced record.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792191)"; flow:established,from_client; content:"GET"; http_method; content:"/mywallet.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.172.86.68.175"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792191/; classtype:trojan-activity;sid:84655291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792192)"; flow:established,from_client; content:"GET"; http_method; content:"/ozxb5y4kh/pyqyd/yh8u"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, 
urlhaus.abuse.ch/url/3792192/; classtype:trojan-activity;sid:84655292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792193)"; flow:established,from_client; content:"GET"; http_method; content:"/mneq/piomqh/vx0kj"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792193/; classtype:trojan-activity;sid:84655293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792194)"; flow:established,from_client; content:"GET"; http_method; content:"/lpihu/okoxue/z2tag9t"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792194/; classtype:trojan-activity;sid:84655294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792195)"; flow:established,from_client; content:"GET"; http_method; content:"/v8dpwobgj/uwwsqkff/0qxugtjeob"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792195/; classtype:trojan-activity;sid:84655295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792196)"; flow:established,from_client; content:"GET"; http_method; content:"/q7fz0uuz/0x7y4/gcfeu5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792196/; classtype:trojan-activity;sid:84655296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792197)"; flow:established,from_client; 
content:"GET"; http_method; content:"/cjzkapj/rvvcs1t/fnm8vlqg1e"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792197/; classtype:trojan-activity;sid:84655297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792198)"; flow:established,from_client; content:"GET"; http_method; content:"/nerr/o2iotis91/bumcuwwmjsg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792198/; classtype:trojan-activity;sid:84655298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792199)"; flow:established,from_client; content:"GET"; http_method; content:"/ehwrs/h0kexpii5/hzqhkr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792199/; classtype:trojan-activity;sid:84655299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792200)"; flow:established,from_client; content:"GET"; http_method; content:"/z8rbpp/vc2tqct/0tef3"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792200/; classtype:trojan-activity;sid:84655300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792201)"; flow:established,from_client; content:"GET"; http_method; content:"/yesrgs/8pm4a/yzxdwgzauo"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; 
reference:url, urlhaus.abuse.ch/url/3792201/; classtype:trojan-activity;sid:84655301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792202)"; flow:established,from_client; content:"GET"; http_method; content:"/jhzgh/5f3t/8scqrxax"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792202/; classtype:trojan-activity;sid:84655302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792203)"; flow:established,from_client; content:"GET"; http_method; content:"/i9wj/rpgogl8/nttx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792203/; classtype:trojan-activity;sid:84655303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792204)"; flow:established,from_client; content:"GET"; http_method; content:"/gclw8p0xbn.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792204/; classtype:trojan-activity;sid:84655304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792205)"; flow:established,from_client; content:"GET"; http_method; content:"/lcbkw9d7/0bva4/gylqzhwaqr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792205/; classtype:trojan-activity;sid:84655305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792206)"; flow:established,from_client; 
content:"GET"; http_method; content:"/nbqfvpkaus8/yi7rwlz/qxsa1op"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792206/; classtype:trojan-activity;sid:84655306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792207)"; flow:established,from_client; content:"GET"; http_method; content:"/papapepev1.4.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792207/; classtype:trojan-activity;sid:84655307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792208)"; flow:established,from_client; content:"GET"; http_method; content:"/yto3grvoir/iwbvw/8kfzwkt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792208/; classtype:trojan-activity;sid:84655308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792209)"; flow:established,from_client; content:"GET"; http_method; content:"/gzmizh7cvn/xthu/kng79sfy"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792209/; classtype:trojan-activity;sid:84655309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792210)"; flow:established,from_client; content:"GET"; http_method; content:"/papapepev1.4.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.172.86.68.175"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_08; 
reference:url, urlhaus.abuse.ch/url/3792210/; classtype:trojan-activity;sid:84655310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792211)"; flow:established,from_client; content:"GET"; http_method; content:"/2glfk/nx4uda3t/s7r9"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792211/; classtype:trojan-activity;sid:84655311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792212)"; flow:established,from_client; content:"GET"; http_method; content:"/emgx1d/o4nx5/mqmg2xb"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792212/; classtype:trojan-activity;sid:84655312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792213)"; flow:established,from_client; content:"GET"; http_method; content:"/khdx6d/dm7z7/ft0jxb"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792213/; classtype:trojan-activity;sid:84655313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792214)"; flow:established,from_client; content:"GET"; http_method; content:"/omxc/u2omdbzvf/nkblcvb7u5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792214/; classtype:trojan-activity;sid:84655314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792215)"; 
flow:established,from_client; content:"GET"; http_method; content:"/nlfvdzhj88/ndqvhmoh2/blrp"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792215/; classtype:trojan-activity;sid:84655315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792216)"; flow:established,from_client; content:"GET"; http_method; content:"/mywallet.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792216/; classtype:trojan-activity;sid:84655316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792217)"; flow:established,from_client; content:"GET"; http_method; content:"/mtjm9yvobg/7hv8lioyl/cgz8p8dbj5"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792217/; classtype:trojan-activity;sid:84655317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792218)"; flow:established,from_client; content:"GET"; http_method; content:"/ooq4yz1sw1u/bwrd/gbpz3wunp"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792218/; classtype:trojan-activity;sid:84655318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792219)"; flow:established,from_client; content:"GET"; http_method; content:"/p4251j/8iymhulrd/3d5aw3"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792219/; classtype:trojan-activity;sid:84655319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792220)"; flow:established,from_client; content:"GET"; http_method; content:"/tz6k58/ilsa7cw/mmlcqc6iao"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792220/; classtype:trojan-activity;sid:84655320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792221)"; flow:established,from_client; content:"GET"; http_method; content:"/eefnp/jmrjpvjw/pfnouz71i"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792221/; classtype:trojan-activity;sid:84655321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792222)"; flow:established,from_client; content:"GET"; http_method; content:"/fzxhxuqiv/lnggqi/hvzk5yx"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792222/; classtype:trojan-activity;sid:84655322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792223)"; flow:established,from_client; content:"GET"; http_method; content:"/0z4dkmng/yisrpo4/7vjm3pszy"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792223/; classtype:trojan-activity;sid:84655323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3792224)"; flow:established,from_client; content:"GET"; http_method; content:"/kaet5lkvz/gcoj/htitwtkb0"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792224/; classtype:trojan-activity;sid:84655324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792143)"; flow:established,from_client; content:"GET"; http_method; content:"/d7x9vhk/lulf/pifknvq"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792143/; classtype:trojan-activity;sid:84655243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792144)"; flow:established,from_client; content:"GET"; http_method; content:"/d3rhtuf/ybazus/guievxnlz"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792144/; classtype:trojan-activity;sid:84655244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792145)"; flow:established,from_client; content:"GET"; http_method; content:"/3iwurd5x/krtn9f/a3oeduszkcm"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792145/; classtype:trojan-activity;sid:84655245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792146)"; flow:established,from_client; content:"GET"; http_method; content:"/yjcbqrhg/leu4rzoan/4joac"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792146/; classtype:trojan-activity;sid:84655246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792147)"; flow:established,from_client; content:"GET"; http_method; content:"/0tikofr/bbzv8/u23gb6ud9ca"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792147/; classtype:trojan-activity;sid:84655247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792148)"; flow:established,from_client; content:"GET"; http_method; content:"/c34vd/zqyvn/test.dll"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792148/; classtype:trojan-activity;sid:84655248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792149)"; flow:established,from_client; content:"GET"; http_method; content:"/ngzi/orzc9xiz/wtag"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792149/; classtype:trojan-activity;sid:84655249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792150)"; flow:established,from_client; content:"GET"; http_method; content:"/febo/i4tc/atre4ao"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792150/; classtype:trojan-activity;sid:84655250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3792151)"; flow:established,from_client; content:"GET"; http_method; content:"/zhs2ys/f4xjyp/bf0cnvht"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792151/; classtype:trojan-activity;sid:84655251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792152)"; flow:established,from_client; content:"GET"; http_method; content:"/0fqum2bfea/qgnnxl4/6mzmpwgpqwf"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792152/; classtype:trojan-activity;sid:84655252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792153)"; flow:established,from_client; content:"GET"; http_method; content:"/aki8wu/t8hzbk7z/epuokz7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792153/; classtype:trojan-activity;sid:84655253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792154)"; flow:established,from_client; content:"GET"; http_method; content:"/zbxiyiy/dljh/qrcktld114"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792154/; classtype:trojan-activity;sid:84655254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792155)"; flow:established,from_client; content:"GET"; http_method; content:"/s3hhk/awaqpy/bdsqsk8zspi"; http_uri; depth:25; isdataat:!1,relative; nocase; 
content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792155/; classtype:trojan-activity;sid:84655255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792156)"; flow:established,from_client; content:"GET"; http_method; content:"/t7vdnebibod/1x6fbro6/elbhs"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792156/; classtype:trojan-activity;sid:84655256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792157)"; flow:established,from_client; content:"GET"; http_method; content:"/ecpcbuf/n0r1c/rlogdaqar"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792157/; classtype:trojan-activity;sid:84655257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792158)"; flow:established,from_client; content:"GET"; http_method; content:"/zinjvyb3/vgd5o/x1natlcw2uj"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792158/; classtype:trojan-activity;sid:84655258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792159)"; flow:established,from_client; content:"GET"; http_method; content:"/vsaxprhor/miuhzbj/9ofiv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792159/; classtype:trojan-activity;sid:84655259; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792160)"; flow:established,from_client; content:"GET"; http_method; content:"/jh26v/wza7qys/ymy4wbywz8r"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792160/; classtype:trojan-activity;sid:84655260; rev:1;)
# Each rule below alerts on an established, client-to-server HTTP flow from
# $HOME_NET to $EXTERNAL_NET whose method buffer contains "GET", whose URI
# equals the listed path and whose Host equals the listed value.
# "Equals" comes from the anchoring: depth is the length of the string, so the
# match must start at offset 0, and isdataat:!1,relative rejects any byte after
# it. The path is compared case-insensitively (nocase).
# These are "alert http" rules, so they only see requests the engine parses as
# HTTP; the same download over TLS is not matched unless it is decrypted
# upstream of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792161)"; flow:established,from_client; content:"GET"; http_method; content:"/j7se1/lgcd/os6wxd"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792161/; classtype:trojan-activity;sid:84655261; rev:1;)
# NOTE(review): sid 84655262 below and sid 84655285 (URLhaus 3792185) carry the
# same path and Host conditions, so a single request raises both alerts. The
# two URLhaus entries presumably differ in something this rule format does not
# encode (scheme or port) - confirm against the feed before deduplicating or
# thresholding.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792162)"; flow:established,from_client; content:"GET"; http_method; content:"/ylfoqaso/r5voefrp/zhtwfgagsl"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792162/; classtype:trojan-activity;sid:84655262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792163)"; flow:established,from_client; content:"GET"; http_method; content:"/tzodbjbirwt/jpe2/6vd4t6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792163/; classtype:trojan-activity;sid:84655263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792164)"; flow:established,from_client; content:"GET"; http_method; content:"/uevzckqcgw2/2gbmwcao/hnlb8"; http_uri; depth:27; 
isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792164/; classtype:trojan-activity;sid:84655264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792165)"; flow:established,from_client; content:"GET"; http_method; content:"/dwo428tf/mkuan/frtb"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792165/; classtype:trojan-activity;sid:84655265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792166)"; flow:established,from_client; content:"GET"; http_method; content:"/acqo93z1i/lptwvcj/ncrzj"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792166/; classtype:trojan-activity;sid:84655266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792167)"; flow:established,from_client; content:"GET"; http_method; content:"/pxmwrr/2gvngwo9i/dntmawdh"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792167/; classtype:trojan-activity;sid:84655267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792168)"; flow:established,from_client; content:"GET"; http_method; content:"/index.html.want_to_cry"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792168/; classtype:trojan-activity;sid:84655268; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792169)"; flow:established,from_client; content:"GET"; http_method; content:"/pt3uhvd/kt9t6/lxs78"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792169/; classtype:trojan-activity;sid:84655269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792170)"; flow:established,from_client; content:"GET"; http_method; content:"/p9u5/jxyyjgi/wz1nm68u"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792170/; classtype:trojan-activity;sid:84655270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792171)"; flow:established,from_client; content:"GET"; http_method; content:"/ofaf/bxqmxbk/akt1ft"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792171/; classtype:trojan-activity;sid:84655271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792172)"; flow:established,from_client; content:"GET"; http_method; content:"/tqbddhixetf/elgarp/27oo"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792172/; classtype:trojan-activity;sid:84655272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792173)"; flow:established,from_client; content:"GET"; http_method; content:"/398iiy/pvsgb9ln/vjxnicrn"; http_uri; 
depth:25; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792173/; classtype:trojan-activity;sid:84655273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792174)"; flow:established,from_client; content:"GET"; http_method; content:"/y4v7c4zj/2lmoyj/33ye"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792174/; classtype:trojan-activity;sid:84655274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792175)"; flow:established,from_client; content:"GET"; http_method; content:"/g2eqaodpcn7/cefmgc5/rwdjpxuskli"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792175/; classtype:trojan-activity;sid:84655275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792176)"; flow:established,from_client; content:"GET"; http_method; content:"/sioptlrj/1prlwspkj/hcggzdkmb"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792176/; classtype:trojan-activity;sid:84655276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792177)"; flow:established,from_client; content:"GET"; http_method; content:"/uyg2mulfk/cvqfmbw/s1ket"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792177/; 
classtype:trojan-activity;sid:84655277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792178)"; flow:established,from_client; content:"GET"; http_method; content:"/sqpb4/yln44wozl/"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792178/; classtype:trojan-activity;sid:84655278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792179)"; flow:established,from_client; content:"GET"; http_method; content:"/wides7/ntjvoci46/dsvc2fo"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792179/; classtype:trojan-activity;sid:84655279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792180)"; flow:established,from_client; content:"GET"; http_method; content:"/szruihj8dd/sls6/gbay30zjkf"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792180/; classtype:trojan-activity;sid:84655280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792181)"; flow:established,from_client; content:"GET"; http_method; content:"/wpdwyl/kyesdan/ivtzm5k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792181/; classtype:trojan-activity;sid:84655281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792182)"; flow:established,from_client; content:"GET"; http_method; 
content:"/zkebiwnbs/imfr/pao8nh"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792182/; classtype:trojan-activity;sid:84655282; rev:1;)
# The rules below match one exact request each: method buffer contains "GET",
# URI equals the listed path (case-insensitive) and Host equals the listed
# address. depth equal to the string length plus isdataat:!1,relative anchors
# each match to the whole buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792183)"; flow:established,from_client; content:"GET"; http_method; content:"/3m8d2l/lkqvsy/1f4mlbphl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792183/; classtype:trojan-activity;sid:84655283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792184)"; flow:established,from_client; content:"GET"; http_method; content:"/gclw8p0xbn/9y7zslop5/s2gv3vxwc"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792184/; classtype:trojan-activity;sid:84655284; rev:1;)
# NOTE(review): sid 84655285 below has the same path and Host conditions as
# sid 84655262 (URLhaus 3792162) earlier in this file, so one request raises
# both alerts. Presumably the two URLhaus entries differ in scheme or port,
# which these rules do not encode - confirm before deduplicating.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792185)"; flow:established,from_client; content:"GET"; http_method; content:"/ylfoqaso/r5voefrp/zhtwfgagsl"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792185/; classtype:trojan-activity;sid:84655285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792186)"; flow:established,from_client; content:"GET"; http_method; content:"/papapepev1.4.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, 
urlhaus.abuse.ch/url/3792186/; classtype:trojan-activity;sid:84655286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792187)"; flow:established,from_client; content:"GET"; http_method; content:"/yxkcrauo2/6t6msk/1dfw7t"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792187/; classtype:trojan-activity;sid:84655287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792188)"; flow:established,from_client; content:"GET"; http_method; content:"/o7vtcdq/ipix/dh8fxo"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792188/; classtype:trojan-activity;sid:84655288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792142)"; flow:established,from_client; content:"GET"; http_method; content:"/0tikofr/bbzv8/u23gb6ud9ca"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792142/; classtype:trojan-activity;sid:84655242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792140)"; flow:established,from_client; content:"GET"; http_method; content:"/yxkcrauo2/6t6msk/1dfw7t"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792140/; classtype:trojan-activity;sid:84655240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792141)"; 
flow:established,from_client; content:"GET"; http_method; content:"/ngzi/orzc9xiz/wtag"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792141/; classtype:trojan-activity;sid:84655241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792136)"; flow:established,from_client; content:"GET"; http_method; content:"/zbxiyiy/dljh/qrcktld114"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792136/; classtype:trojan-activity;sid:84655236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792137)"; flow:established,from_client; content:"GET"; http_method; content:"/c34vd/zqyvn/test.dll"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792137/; classtype:trojan-activity;sid:84655237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792138)"; flow:established,from_client; content:"GET"; http_method; content:"/gclw8p0xbn.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792138/; classtype:trojan-activity;sid:84655238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792139)"; flow:established,from_client; content:"GET"; http_method; content:"/y4v7c4zj/2lmoyj/33ye"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; 
metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792139/; classtype:trojan-activity;sid:84655239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792134)"; flow:established,from_client; content:"GET"; http_method; content:"/ehwrs/h0kexpii5/hzqhkr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792134/; classtype:trojan-activity;sid:84655234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792135)"; flow:established,from_client; content:"GET"; http_method; content:"/i9wj/rpgogl8/nttx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792135/; classtype:trojan-activity;sid:84655235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792125)"; flow:established,from_client; content:"GET"; http_method; content:"/eefnp/jmrjpvjw/pfnouz71i"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792125/; classtype:trojan-activity;sid:84655225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792126)"; flow:established,from_client; content:"GET"; http_method; content:"/nlfvdzhj88/ndqvhmoh2/blrp"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792126/; classtype:trojan-activity;sid:84655226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3792127)"; flow:established,from_client; content:"GET"; http_method; content:"/p9u5/jxyyjgi/wz1nm68u"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792127/; classtype:trojan-activity;sid:84655227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792128)"; flow:established,from_client; content:"GET"; http_method; content:"/d3rhtuf/ybazus/guievxnlz"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792128/; classtype:trojan-activity;sid:84655228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792129)"; flow:established,from_client; content:"GET"; http_method; content:"/ylfoqaso/r5voefrp/zhtwfgagsl"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792129/; classtype:trojan-activity;sid:84655229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792130)"; flow:established,from_client; content:"GET"; http_method; content:"/s3hhk/awaqpy/bdsqsk8zspi"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792130/; classtype:trojan-activity;sid:84655230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792131)"; flow:established,from_client; content:"GET"; http_method; content:"/lvul/pfa1suy7/8ihktx9b"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"nelavohomet.com"; 
http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792131/; classtype:trojan-activity;sid:84655231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792132)"; flow:established,from_client; content:"GET"; http_method; content:"/ofaf/bxqmxbk/akt1ft"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792132/; classtype:trojan-activity;sid:84655232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792133)"; flow:established,from_client; content:"GET"; http_method; content:"/ecpcbuf/n0r1c/rlogdaqar"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792133/; classtype:trojan-activity;sid:84655233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792114)"; flow:established,from_client; content:"GET"; http_method; content:"/aki8wu/t8hzbk7z/epuokz7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792114/; classtype:trojan-activity;sid:84655214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792115)"; flow:established,from_client; content:"GET"; http_method; content:"/jhzgh/5f3t/8scqrxax"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792115/; classtype:trojan-activity;sid:84655215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3792116)"; flow:established,from_client; content:"GET"; http_method; content:"/ngao13/aj3iwhqk6/orlkx"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792116/; classtype:trojan-activity;sid:84655216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792117)"; flow:established,from_client; content:"GET"; http_method; content:"/g2eqaodpcn7/cefmgc5/rwdjpxuskli"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792117/; classtype:trojan-activity;sid:84655217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792118)"; flow:established,from_client; content:"GET"; http_method; content:"/acqo93z1i/lptwvcj/ncrzj"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792118/; classtype:trojan-activity;sid:84655218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792119)"; flow:established,from_client; content:"GET"; http_method; content:"/gclw8p0xbn/9y7zslop5/s2gv3vxwc"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792119/; classtype:trojan-activity;sid:84655219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792120)"; flow:established,from_client; content:"GET"; http_method; content:"/ooq4yz1sw1u/bwrd/gbpz3wunp"; http_uri; depth:27; 
isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792120/; classtype:trojan-activity;sid:84655220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792121)"; flow:established,from_client; content:"GET"; http_method; content:"/v8dpwobgj/uwwsqkff/0qxugtjeob"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792121/; classtype:trojan-activity;sid:84655221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792122)"; flow:established,from_client; content:"GET"; http_method; content:"/mtjm9yvobg/7hv8lioyl/cgz8p8dbj5"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792122/; classtype:trojan-activity;sid:84655222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792123)"; flow:established,from_client; content:"GET"; http_method; content:"/vsaxprhor/miuhzbj/9ofiv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792123/; classtype:trojan-activity;sid:84655223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792124)"; flow:established,from_client; content:"GET"; http_method; content:"/o7vtcdq/ipix/dh8fxo"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792124/; 
classtype:trojan-activity;sid:84655224; rev:1;)
# The Host condition in these rules is an exact match: depth equals the length
# of the string and isdataat:!1,relative forbids trailing bytes. The rule below
# (depth:19, "www.nelavohomet.com") therefore does not cover the bare domain;
# sid 84655210 (URLhaus 3792110) carries the same path for "nelavohomet.com".
# Any other host variant serving the same path needs its own feed entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792105)"; flow:established,from_client; content:"GET"; http_method; content:"/mywallet.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.nelavohomet.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792105/; classtype:trojan-activity;sid:84655205; rev:1;)
# The remaining rules on this line use the bare domain (depth:15) and differ
# only in the URI path, the URLhaus reference and the sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792106)"; flow:established,from_client; content:"GET"; http_method; content:"/mneq/piomqh/vx0kj"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792106/; classtype:trojan-activity;sid:84655206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792107)"; flow:established,from_client; content:"GET"; http_method; content:"/d7x9vhk/lulf/pifknvq"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792107/; classtype:trojan-activity;sid:84655207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792108)"; flow:established,from_client; content:"GET"; http_method; content:"/j7se1/lgcd/os6wxd"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792108/; classtype:trojan-activity;sid:84655208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792109)"; flow:established,from_client; content:"GET"; http_method; 
content:"/0fqum2bfea/qgnnxl4/6mzmpwgpqwf"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792109/; classtype:trojan-activity;sid:84655209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792110)"; flow:established,from_client; content:"GET"; http_method; content:"/mywallet.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792110/; classtype:trojan-activity;sid:84655210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792111)"; flow:established,from_client; content:"GET"; http_method; content:"/gzmizh7cvn/xthu/kng79sfy"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792111/; classtype:trojan-activity;sid:84655211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792112)"; flow:established,from_client; content:"GET"; http_method; content:"/zkebiwnbs/imfr/pao8nh"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792112/; classtype:trojan-activity;sid:84655212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792113)"; flow:established,from_client; content:"GET"; http_method; content:"/tqbddhixetf/elgarp/27oo"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, 
urlhaus.abuse.ch/url/3792113/; classtype:trojan-activity;sid:84655213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792072)"; flow:established,from_client; content:"GET"; http_method; content:"/nbqfvpkaus8/yi7rwlz/qxsa1op"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792072/; classtype:trojan-activity;sid:84655172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792073)"; flow:established,from_client; content:"GET"; http_method; content:"/p4251j/8iymhulrd/3d5aw3"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792073/; classtype:trojan-activity;sid:84655173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792074)"; flow:established,from_client; content:"GET"; http_method; content:"/fzxhxuqiv/lnggqi/hvzk5yx"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792074/; classtype:trojan-activity;sid:84655174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792075)"; flow:established,from_client; content:"GET"; http_method; content:"/jh26v/wza7qys/ymy4wbywz8r"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792075/; classtype:trojan-activity;sid:84655175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792076)"; 
flow:established,from_client; content:"GET"; http_method; content:"/pt3uhvd/kt9t6/lxs78"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792076/; classtype:trojan-activity;sid:84655176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792077)"; flow:established,from_client; content:"GET"; http_method; content:"/tzodbjbirwt/jpe2/6vd4t6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792077/; classtype:trojan-activity;sid:84655177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792078)"; flow:established,from_client; content:"GET"; http_method; content:"/kaet5lkvz/gcoj/htitwtkb0"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792078/; classtype:trojan-activity;sid:84655178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792079)"; flow:established,from_client; content:"GET"; http_method; content:"/emgx1d/o4nx5/mqmg2xb"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792079/; classtype:trojan-activity;sid:84655179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792080)"; flow:established,from_client; content:"GET"; http_method; content:"/wpdwyl/kyesdan/ivtzm5k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; 
metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792080/; classtype:trojan-activity;sid:84655180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792081)"; flow:established,from_client; content:"GET"; http_method; content:"/cjzkapj/rvvcs1t/fnm8vlqg1e"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792081/; classtype:trojan-activity;sid:84655181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792082)"; flow:established,from_client; content:"GET"; http_method; content:"/pxmwrr/2gvngwo9i/dntmawdh"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792082/; classtype:trojan-activity;sid:84655182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792083)"; flow:established,from_client; content:"GET"; http_method; content:"/2glfk/nx4uda3t/s7r9"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792083/; classtype:trojan-activity;sid:84655183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792084)"; flow:established,from_client; content:"GET"; http_method; content:"/yjcbqrhg/leu4rzoan/4joac"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792084/; classtype:trojan-activity;sid:84655184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3792085)"; flow:established,from_client; content:"GET"; http_method; content:"/papapepev1.4.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792085/; classtype:trojan-activity;sid:84655185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792086)"; flow:established,from_client; content:"GET"; http_method; content:"/ozxb5y4kh/pyqyd/yh8u"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792086/; classtype:trojan-activity;sid:84655186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792087)"; flow:established,from_client; content:"GET"; http_method; content:"/zhs2ys/f4xjyp/bf0cnvht"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792087/; classtype:trojan-activity;sid:84655187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792088)"; flow:established,from_client; content:"GET"; http_method; content:"/3m8d2l/lkqvsy/1f4mlbphl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792088/; classtype:trojan-activity;sid:84655188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792089)"; flow:established,from_client; content:"GET"; http_method; content:"/zinjvyb3/vgd5o/x1natlcw2uj"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; 
depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792089/; classtype:trojan-activity;sid:84655189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792090)"; flow:established,from_client; content:"GET"; http_method; content:"/ylfoqaso/r5voefrp/zhtwfgagsl"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792090/; classtype:trojan-activity;sid:84655190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792091)"; flow:established,from_client; content:"GET"; http_method; content:"/lcbkw9d7/0bva4/gylqzhwaqr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792091/; classtype:trojan-activity;sid:84655191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792092)"; flow:established,from_client; content:"GET"; http_method; content:"/yto3grvoir/iwbvw/8kfzwkt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792092/; classtype:trojan-activity;sid:84655192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792093)"; flow:established,from_client; content:"GET"; http_method; content:"/papapepev1.6.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"172.86.68.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792093/; classtype:trojan-activity;sid:84655193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3792094)"; flow:established,from_client; content:"GET"; http_method; content:"/q7fz0uuz/0x7y4/gcfeu5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792094/; classtype:trojan-activity;sid:84655194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792095)"; flow:established,from_client; content:"GET"; http_method; content:"/papapepev1.4.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.nelavohomet.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792095/; classtype:trojan-activity;sid:84655195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792096)"; flow:established,from_client; content:"GET"; http_method; content:"/wides7/ntjvoci46/dsvc2fo"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792096/; classtype:trojan-activity;sid:84655196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792097)"; flow:established,from_client; content:"GET"; http_method; content:"/t7vdnebibod/1x6fbro6/elbhs"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792097/; classtype:trojan-activity;sid:84655197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792098)"; flow:established,from_client; content:"GET"; http_method; content:"/szruihj8dd/sls6/gbay30zjkf"; http_uri; depth:27; isdataat:!1,relative; nocase; 
content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792098/; classtype:trojan-activity;sid:84655198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792099)"; flow:established,from_client; content:"GET"; http_method; content:"/uevzckqcgw2/2gbmwcao/hnlb8"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792099/; classtype:trojan-activity;sid:84655199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792100)"; flow:established,from_client; content:"GET"; http_method; content:"/tz6k58/ilsa7cw/mmlcqc6iao"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792100/; classtype:trojan-activity;sid:84655200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792101)"; flow:established,from_client; content:"GET"; http_method; content:"/index.html.want_to_cry"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792101/; classtype:trojan-activity;sid:84655201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792102)"; flow:established,from_client; content:"GET"; http_method; content:"/dwo428tf/mkuan/frtb"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792102/; classtype:trojan-activity;sid:84655202; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792103)"; flow:established,from_client; content:"GET"; http_method; content:"/uyg2mulfk/cvqfmbw/s1ket"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792103/; classtype:trojan-activity;sid:84655203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792104)"; flow:established,from_client; content:"GET"; http_method; content:"/nerr/o2iotis91/bumcuwwmjsg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792104/; classtype:trojan-activity;sid:84655204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792068)"; flow:established,from_client; content:"GET"; http_method; content:"/sqpb4/yln44wozl/"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792068/; classtype:trojan-activity;sid:84655168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792069)"; flow:established,from_client; content:"GET"; http_method; content:"/398iiy/pvsgb9ln/vjxnicrn"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792069/; classtype:trojan-activity;sid:84655169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792070)"; flow:established,from_client; content:"GET"; http_method; content:"/papapepev1.4.exe"; http_uri; depth:17; 
isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792070/; classtype:trojan-activity;sid:84655170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792071)"; flow:established,from_client; content:"GET"; http_method; content:"/khdx6d/dm7z7/ft0jxb"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792071/; classtype:trojan-activity;sid:84655171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792063)"; flow:established,from_client; content:"GET"; http_method; content:"/omxc/u2omdbzvf/nkblcvb7u5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792063/; classtype:trojan-activity;sid:84655163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792064)"; flow:established,from_client; content:"GET"; http_method; content:"/lpihu/okoxue/z2tag9t"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792064/; classtype:trojan-activity;sid:84655164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792065)"; flow:established,from_client; content:"GET"; http_method; content:"/febo/i4tc/atre4ao"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792065/; classtype:trojan-activity;sid:84655165; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792066)"; flow:established,from_client; content:"GET"; http_method; content:"/yesrgs/8pm4a/yzxdwgzauo"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792066/; classtype:trojan-activity;sid:84655166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792067)"; flow:established,from_client; content:"GET"; http_method; content:"/0z4dkmng/yisrpo4/7vjm3pszy"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792067/; classtype:trojan-activity;sid:84655167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792061)"; flow:established,from_client; content:"GET"; http_method; content:"/3iwurd5x/krtn9f/a3oeduszkcm"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792061/; classtype:trojan-activity;sid:84655161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792062)"; flow:established,from_client; content:"GET"; http_method; content:"/z8rbpp/vc2tqct/0tef3"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792062/; classtype:trojan-activity;sid:84655162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792060)"; flow:established,from_client; content:"GET"; http_method; 
content:"/documentos/notafiscal-fev2026-nf38291.pdf.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"216.126.239.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792060/; classtype:trojan-activity;sid:84655160; rev:1;)
# The fragment above is the tail of the rule for URLhaus entry 3792060 (sid 84655160),
# whose header is on the preceding line. Its URI ends in ".pdf.lnk": a Windows
# shortcut file carrying a document-style name.
#
# Anatomy shared by the signatures below:
#   alert http $HOME_NET any -> $EXTERNAL_NET any
#       outbound requests that the engine has parsed as HTTP; the same URL
#       fetched over TLS is not inspected by these rules unless traffic is decrypted.
#   flow:established,from_client; content:"GET"; http_method;
#       client-to-server GET requests on an established session.
#   content:"<path>"; http_uri; depth:N; isdataat:!1,relative; nocase;
#       the path pattern must be found within the first N bytes of the URI buffer
#       and no byte may follow it; nocase makes this comparison case-insensitive.
#   content:"<host>"; http_host; depth:N; isdataat:!1,relative;
#       same anchoring on the Host buffer, without nocase.
#       NOTE(review): presumably relies on the engine lower-casing the host
#       buffer - confirm for the engine in use.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792059)"; flow:established,from_client; content:"GET"; http_method; content:"/boatnet.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"216.126.237.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792059/; classtype:trojan-activity;sid:84655159; rev:1;)
# NOTE(review), sid 84655158: depth:30 equals the length of the escaped pattern
# text, but |3f| and |7c| each decode to a single byte, so the decoded pattern is
# 21 bytes long. The search window is therefore 9 bytes wider than the pattern:
# the match is still pinned to the end of the URI by isdataat:!1,relative, but
# not to its start.
# NOTE(review): the decoded pattern contains the literal text "|26|". If the
# reported URL has "&" (0x26) at that position, this looks like double escaping
# and the rule would not match the real request - confirm against the URLhaus
# entry before relying on this signature.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792058)"; flow:established,from_client; content:"GET"; http_method; content:"/ft|3f|topic=s|7c|26|7c|gt=209"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"zoom.us05-web.us"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792058/; classtype:trojan-activity;sid:84655158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792057)"; flow:established,from_client; content:"GET"; http_method; content:"/sioptlrj/1prlwspkj/hcggzdkmb"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792057/; classtype:trojan-activity;sid:84655157; rev:1;)
# The rule for URLhaus entry 3792056 starts here and continues on the following line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792056)"; flow:established,from_client; content:"GET"; http_method; content:"/xhys/t8ynh/psgfxxs"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"nelavohomet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; 
reference:url, urlhaus.abuse.ch/url/3792056/; classtype:trojan-activity;sid:84655156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792055)"; flow:established,from_client; content:"GET"; http_method; content:"/ezo0hjktpwyaizsj86zntazdnbqb3jfjrh2qin0yzkkczcchqlrxoftnll8sw64h_nj8kmljo7qz5ppdzk-qgxm4l7zmhr1dsedr"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"cloudaxis.cc"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792055/; classtype:trojan-activity;sid:84655155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792054)"; flow:established,from_client; content:"GET"; http_method; content:"/gsmft/yueu/fkvqld/tvqqwh/ushu/22.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cloudaxis.cc"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792054/; classtype:trojan-activity;sid:84655154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792053)"; flow:established,from_client; content:"GET"; http_method; content:"/gsmft/yueu/fkvqld/tvqqwh/ushu/update.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"cloudaxis.cc"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792053/; classtype:trojan-activity;sid:84655153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792052)"; flow:established,from_client; content:"GET"; http_method; content:"/gsmft/yueu/fkvqld/tvqqwh/ushu/"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"cloudaxis.cc"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792052/; classtype:trojan-activity;sid:84655152; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792046)"; flow:established,from_client; content:"GET"; http_method; content:"/ezo0hjktpwyaizsj87rd9wa8hccowvpp0jdnhzrcnjrgrtj80ecrvi0vhbhu2prjhaagkrogfdqd1enkdpmtkmlwd3wsr2pyy1mwtzx6b-a/"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"216.126.236.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792046/; classtype:trojan-activity;sid:84655146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792047)"; flow:established,from_client; content:"GET"; http_method; content:"/ezo0hjktpwyaizsj87rd9wa8hccowvpp0jdnhzrcnjrgrtj80ecrvi0vhbhu2prjhaagkrogf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"216.126.236.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792047/; classtype:trojan-activity;sid:84655147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792048)"; flow:established,from_client; content:"GET"; http_method; content:"/ezo0hjktpwyaizsj87uo5qrjsga9zyu2mmr4qayhxp0xa9mdpw78cpq3zzi0fojzrhoe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"216.126.236.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792048/; classtype:trojan-activity;sid:84655148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792049)"; flow:established,from_client; content:"GET"; http_method; content:"/ezo0hjktpwyaizsj87renasrl5gef79sx86-yfr34h14nracuuqrhprvbpausypq77y9vaq9x3shb6ybq882-mojrcxsf2544huqrqz-8_"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"216.126.236.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792049/; 
classtype:trojan-activity;sid:84655149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792050)"; flow:established,from_client; content:"GET"; http_method; content:"/gsmft/yueu/fkvqld/tvqqwh/ushu/22.exe/"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"cloudaxis.cc"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792050/; classtype:trojan-activity;sid:84655150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792051)"; flow:established,from_client; content:"GET"; http_method; content:"/gsmft/yueu/fkvqld/tvqqwh/ushu/22.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cloudaxis.cc"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792051/; classtype:trojan-activity;sid:84655151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792043)"; flow:established,from_client; content:"GET"; http_method; content:"/ezo0hjktpwyaizsj87uozwve3wvhpkn9x9ojr5dtnpwyrk1sbsk_bezqik_bgpbf06njgotxhodd0zxerxmkkzgmfjhd6bcpdxbk9tp7jnx2zqz"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"216.126.236.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792043/; classtype:trojan-activity;sid:84655143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792044)"; flow:established,from_client; content:"GET"; http_method; content:"/ezo0hjktpwyaizsj86zntazdnbqb3jfjrh2qin0yzkkczcchqlrxoftnll8sw64h_nj8kmljo7qz5ppdzk-qgxm4l7zmhr1dsedr"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"216.126.236.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792044/; 
classtype:trojan-activity;sid:84655144; rev:1;)
# The fragment above closes the rule with sid 84655144, which begins on the preceding line.
#
# Duplicate signatures: several URLhaus entries in this feed produce rules with
# the same host and the same URI pattern, differing only in msg, reference and
# sid. One matching request then raises one alert per sid, so alert counts
# should be de-duplicated on host + URI rather than on sid.
# NOTE(review): presumably the source URLs differed only in letter case, which
# lower-cased patterns plus nocase cannot distinguish - confirm against the
# URLhaus entries.
#
# sid 84655145 below has the same host and URI pattern as sid 84655148 elsewhere in this file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792045)"; flow:established,from_client; content:"GET"; http_method; content:"/ezo0hjktpwyaizsj87uo5qrjsga9zyu2mmr4qayhxp0xa9mdpw78cpq3zzi0fojzrhoe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"216.126.236.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792045/; classtype:trojan-activity;sid:84655145; rev:1;)
# sid 84655142 below has the same host and URI pattern as sid 84655126 elsewhere in this file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792042)"; flow:established,from_client; content:"GET"; http_method; content:"/test_exe/sv_chost.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.61.149.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792042/; classtype:trojan-activity;sid:84655142; rev:1;)
# The next two rules cover config.b64 under two different directories on the same host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792039)"; flow:established,from_client; content:"GET"; http_method; content:"/test_exe_!/config.b64"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.61.149.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792039/; classtype:trojan-activity;sid:84655139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792040)"; flow:established,from_client; content:"GET"; http_method; content:"/test_exe/config.b64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.61.149.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792040/; classtype:trojan-activity;sid:84655140; rev:1;)
# The rule for URLhaus entry 3792041 starts here and continues on the following line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792041)"; 
flow:established,from_client; content:"GET"; http_method; content:"/test_exe_1/config.b64"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.61.149.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792041/; classtype:trojan-activity;sid:84655141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792038)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"roy46-cast.amperesilence.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792038/; classtype:trojan-activity;sid:84655138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792037)"; flow:established,from_client; content:"GET"; http_method; content:"/ezo0hjktpwyaizsj86zntazdnbqb3jfjrh2qin0yzkkczcchqlrxoftnll8sw64h_nj8kmljo7qz5ppdzk-qgxm4l7zmhr1dsedr"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"216.126.236.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792037/; classtype:trojan-activity;sid:84655137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792034)"; flow:established,from_client; content:"GET"; http_method; content:"/access/remote%20access-windows64-offline.exe|3f|language=en"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"45.61.151.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792034/; classtype:trojan-activity;sid:84655134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792035)"; flow:established,from_client; content:"GET"; http_method; 
content:"/access/remote%20access-windows32-offline.exe|3f|language=en"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"45.61.151.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792035/; classtype:trojan-activity;sid:84655135; rev:1;)
# The fragment above is the tail of the rule for URLhaus entry 3792035 (sid 84655135),
# whose header is on the preceding line. The notes below apply to it and to the
# three complete rules that follow (sids 84655132, 84655133, 84655131), which
# use the same two URI patterns against different hosts.
#
# NOTE(review): depth:60 equals the length of the escaped pattern text, but |3f|
# decodes to the single byte "?", so the decoded pattern is 57 bytes long. The
# search window is 3 bytes wider than the pattern: the match is pinned to the
# end of the URI by isdataat:!1,relative, but not strictly to its start.
# NOTE(review): the pattern contains the literal text "%20" and is matched
# against http_uri. If the engine percent-decodes the path in that buffer, the
# buffer would hold a space instead and these rules would not match; a raw-URI
# buffer would then be needed - verify with a test capture on the engine in use.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792032)"; flow:established,from_client; content:"GET"; http_method; content:"/access/remote%20access-windows32-offline.exe|3f|language=en"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"172.86.89.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792032/; classtype:trojan-activity;sid:84655132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792033)"; flow:established,from_client; content:"GET"; http_method; content:"/access/remote%20access-windows64-offline.exe|3f|language=en"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"bulledesophros.top"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792033/; classtype:trojan-activity;sid:84655133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792031)"; flow:established,from_client; content:"GET"; http_method; content:"/access/remote%20access-windows32-offline.exe|3f|language=en"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"bulledesophros.top"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792031/; classtype:trojan-activity;sid:84655131; rev:1;)
# The rule for URLhaus entry 3792029 starts here and continues on the following line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792029)"; flow:established,from_client; content:"GET"; http_method; content:"/test_exe/new.exe"; http_uri; depth:17; 
isdataat:!1,relative; nocase; content:"45.61.149.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792029/; classtype:trojan-activity;sid:84655129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792028)"; flow:established,from_client; content:"GET"; http_method; content:"/access/remote%20access-windows64-offline.exe|3f|language=en"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"172.86.89.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792028/; classtype:trojan-activity;sid:84655128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792027)"; flow:established,from_client; content:"GET"; http_method; content:"/bt/svchost.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"216.126.239.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792027/; classtype:trojan-activity;sid:84655127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792026)"; flow:established,from_client; content:"GET"; http_method; content:"/test_exe/sv_chost.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.61.149.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792026/; classtype:trojan-activity;sid:84655126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.173.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792025/; 
classtype:trojan-activity;sid:84655125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.84.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792024/; classtype:trojan-activity;sid:84655124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.176.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792023/; classtype:trojan-activity;sid:84655123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792022)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"xvneiys.limbsingle.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792022/; classtype:trojan-activity;sid:84655122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.237.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792021/; classtype:trojan-activity;sid:84655121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792020)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; 
isdataat:!1,relative; nocase; content:"bandwidt-mesh.limbsingle.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792020/; classtype:trojan-activity;sid:84655120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.70.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792019/; classtype:trojan-activity;sid:84655119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792018)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"7axh.limbsingle.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792018/; classtype:trojan-activity;sid:84655118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.36.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792017/; classtype:trojan-activity;sid:84655117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792016)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hyper-s4mp.limbsingle.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792016/; classtype:trojan-activity;sid:84655116; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.239.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792015/; classtype:trojan-activity;sid:84655115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792014)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kelfluxor.oakumsenile.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792014/; classtype:trojan-activity;sid:84655114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.237.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792013/; classtype:trojan-activity;sid:84655113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792012)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"terminal-mark.oakumsenile.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792012/; classtype:trojan-activity;sid:84655112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792011)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; 
isdataat:!1,relative; nocase; content:"lunarslo.oakumsenile.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792011/; classtype:trojan-activity;sid:84655111; rev:1;)
# Rule shape used throughout this feed: GET from $HOME_NET, an http_uri content
# bounded by depth and closed with isdataat:!1,relative (nothing may follow the
# match), plus an http_host content bounded the same way. Both buffers have to
# match for the rule to alert.
# NOTE(review): in the next rule `|7c|` is the pipe character, so `|7c|26|7c|`
# matches the four literal bytes `|26|`, not `&` (0x26). This looks like an
# ampersand that was hex-escaped and then had its pipes escaped again by the
# generator. If the reported URL contains `&`, this content will not match it;
# check the URLhaus entry named in the rule's reference before relying on it.
# depth:53 is the length of the escaped string; the decoded pattern is 38 bytes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792010)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=fqkkoxttkogyyrsq"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"1pqv53qc.dumbbellshower.digital"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792010/; classtype:trojan-activity;sid:84655110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.196.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792009/; classtype:trojan-activity;sid:84655109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.70.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792008/; classtype:trojan-activity;sid:84655108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.74.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792007/; classtype:trojan-activity;sid:84655107; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.195.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792006/; classtype:trojan-activity;sid:84655106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.36.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792005/; classtype:trojan-activity;sid:84655105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.239.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792004/; classtype:trojan-activity;sid:84655104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.71.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792003/; classtype:trojan-activity;sid:84655103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.196.17"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792002/; classtype:trojan-activity;sid:84655102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.173.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792001/; classtype:trojan-activity;sid:84655101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792000)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"solcoreet3.excitfollower.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792000/; classtype:trojan-activity;sid:84655100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.61.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791999/; classtype:trojan-activity;sid:84655099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.45.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791998/; classtype:trojan-activity;sid:84655098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791997)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.74.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791997/; classtype:trojan-activity;sid:84655097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.73.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791996/; classtype:trojan-activity;sid:84655096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.244.36.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791995/; classtype:trojan-activity;sid:84655095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.232.143.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791994/; classtype:trojan-activity;sid:84655094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.144.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791993/; 
classtype:trojan-activity;sid:84655093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791992)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"zx8895.navignord.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791992/; classtype:trojan-activity;sid:84655092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.232.143.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791991/; classtype:trojan-activity;sid:84655091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.196.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791990/; classtype:trojan-activity;sid:84655090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.196.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791989/; classtype:trojan-activity;sid:84655089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"42.87.121.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791988/; classtype:trojan-activity;sid:84655088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.126.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791987/; classtype:trojan-activity;sid:84655087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.95.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791986/; classtype:trojan-activity;sid:84655086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791985)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"repaicloud.navignord.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791985/; classtype:trojan-activity;sid:84655085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.136.4.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791984/; classtype:trojan-activity;sid:84655084; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.225.239.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791983/; classtype:trojan-activity;sid:84655083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.109.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791982/; classtype:trojan-activity;sid:84655082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791981)"; flow:established,from_client; content:"GET"; http_method; content:"/main/encrypt.ps1"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ameyiando.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791981/; classtype:trojan-activity;sid:84655081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791980)"; flow:established,from_client; content:"GET"; http_method; content:"/bgdol.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.173.143.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791980/; classtype:trojan-activity;sid:84655080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791979)"; flow:established,from_client; content:"GET"; http_method; content:"/encryptz.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"casadoserralheirosaocarlos.com.br"; http_host; depth:33; 
isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791979/; classtype:trojan-activity;sid:84655079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791976)"; flow:established,from_client; content:"GET"; http_method; content:"/actiok.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"107.173.143.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791976/; classtype:trojan-activity;sid:84655076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791977)"; flow:established,from_client; content:"GET"; http_method; content:"/mynnepeng.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"107.173.143.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791977/; classtype:trojan-activity;sid:84655077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791978)"; flow:established,from_client; content:"GET"; http_method; content:"/saxch.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.173.143.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791978/; classtype:trojan-activity;sid:84655078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791975)"; flow:established,from_client; content:"GET"; http_method; content:"/nderu.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.173.143.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791975/; classtype:trojan-activity;sid:84655075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791973)"; 
flow:established,from_client; content:"GET"; http_method; content:"/encrypts.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"casadoserralheirosaocarlos.com.br"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791973/; classtype:trojan-activity;sid:84655073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791974)"; flow:established,from_client; content:"GET"; http_method; content:"/jhuytr/fsamegn.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"fil.ydns.eu"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791974/; classtype:trojan-activity;sid:84655074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.112.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791972/; classtype:trojan-activity;sid:84655072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791971)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|filename=optimized_msi.png"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"bafybeibqcivjhwg2msil5g62did64uhtptlf7epidbrat4gexerzfv5mmq.ipfs.dweb.link"; http_host; depth:74; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791971/; classtype:trojan-activity;sid:84655071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791970)"; flow:established,from_client; content:"GET"; http_method; content:"/qztvyhlfrtq244.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; 
content:"pub-4c182737706e41d29aee6cc5517f834d.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791970/; classtype:trojan-activity;sid:84655070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791969)"; flow:established,from_client; content:"GET"; http_method; content:"/predy.snp"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"pub-4c182737706e41d29aee6cc5517f834d.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791969/; classtype:trojan-activity;sid:84655069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791967)"; flow:established,from_client; content:"GET"; http_method; content:"/cntncsbnyeft134.bin"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"pub-4c182737706e41d29aee6cc5517f834d.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791967/; classtype:trojan-activity;sid:84655067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791968)"; flow:established,from_client; content:"GET"; http_method; content:"/commercialized.hhk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"pub-4c182737706e41d29aee6cc5517f834d.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791968/; classtype:trojan-activity;sid:84655068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791966)"; flow:established,from_client; content:"GET"; http_method; content:"/download/2ndrumpp/2ndrumpp.png"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"archive.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_08; 
reference:url, urlhaus.abuse.ch/url/3791966/; classtype:trojan-activity;sid:84655066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791965)"; flow:established,from_client; content:"GET"; http_method; content:"/img_085256.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cocinanikkei.com.pe"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791965/; classtype:trojan-activity;sid:84655065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791964)"; flow:established,from_client; content:"GET"; http_method; content:"/img_141003.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"winston.rf.gd"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791964/; classtype:trojan-activity;sid:84655064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791963)"; flow:established,from_client; content:"GET"; http_method; content:"/img_055742.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"crypterrrrr.42web.io"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791963/; classtype:trojan-activity;sid:84655063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791962)"; flow:established,from_client; content:"GET"; http_method; content:"/ha3.png"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pub-3bc1de741f8149f49bdbafa703067f24.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791962/; classtype:trojan-activity;sid:84655062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791961)"; 
flow:established,from_client; content:"GET"; http_method; content:"/onedrives/img_233123.png"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"openlineseguros.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791961/; classtype:trojan-activity;sid:84655061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791959)"; flow:established,from_client; content:"GET"; http_method; content:"/eurouhyt/dgkirar.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"fil.ydns.eu"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791959/; classtype:trojan-activity;sid:84655059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791960)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sync-gate.modula.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791960/; classtype:trojan-activity;sid:84655060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791958)"; flow:established,from_client; content:"GET"; http_method; content:"/img_163200.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pub-4c182737706e41d29aee6cc5517f834d.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791958/; classtype:trojan-activity;sid:84655058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791957)"; flow:established,from_client; content:"GET"; http_method; content:"/onedrives/img_131302.png"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"openlineseguros.com.br"; 
http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791957/; classtype:trojan-activity;sid:84655057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791956)"; flow:established,from_client; content:"GET"; http_method; content:"/img_210019.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"shariels.42web.io"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791956/; classtype:trojan-activity;sid:84655056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791955)"; flow:established,from_client; content:"GET"; http_method; content:"/onedrives/optimized_msi.png"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"openlineseguros.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791955/; classtype:trojan-activity;sid:84655055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791953)"; flow:established,from_client; content:"GET"; http_method; content:"/19/items/optimized_msi_20260303_1054/optimized_msi.png"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"ia601409.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791953/; classtype:trojan-activity;sid:84655053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791954)"; flow:established,from_client; content:"GET"; http_method; content:"/onedrives/img_235532.png"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"openlineseguros.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791954/; 
classtype:trojan-activity;sid:84655054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791952)"; flow:established,from_client; content:"GET"; http_method; content:"/la3.png"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pub-3bc1de741f8149f49bdbafa703067f24.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791952/; classtype:trojan-activity;sid:84655052; rev:1;)
# NOTE(review), sid 84655051: the URI content below contains `|7c|26|7c|`, which
# decodes to the four literal bytes `|26|`, not to the single byte 0x26 ('&').
# This looks like the generator escaped '&' and then escaped the pipes again;
# confirm against the URLhaus entry. If the real URL separates its query
# parameters with '&', this content cannot match that request.
# depth:160 equals the length of the escaped text, while the decoded pattern is
# 142 bytes, so depth plus isdataat:!1,relative pins only the end of the URI
# here, not its start (in the neighbouring rules depth equals the pattern length).
# The rule inspects parsed HTTP only: if this host is reached over HTTPS
# (presumably the case for dl.dropboxusercontent.com; verify), the sensor sees
# the request only where TLS is decrypted upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791951)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/x97ra6bino9olbolx8ha8/optimized_msi.png|3f|rlkey=ek4gmta3ih6tg3kq3m9su1zsr|7c|26|7c|st=ao90xecu|7c|26|7c|dl=0|3f|id=661120a4-f576-4e8f-bc6a-7b48650ac68c"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791951/; classtype:trojan-activity;sid:84655051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791950)"; flow:established,from_client; content:"GET"; http_method; content:"/somgftred/jigcaip.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"fil.ydns.eu"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791950/; classtype:trojan-activity;sid:84655050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.164.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791949/; classtype:trojan-activity;sid:84655049; rev:1;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.160.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791948/; classtype:trojan-activity;sid:84655048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.38.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791947/; classtype:trojan-activity;sid:84655047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.88.164.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791946/; classtype:trojan-activity;sid:84655046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.106.241.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791945/; classtype:trojan-activity;sid:84655045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791944)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vol-base.volumex.in.net"; http_host; depth:23; isdataat:!1,relative; 
metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791944/; classtype:trojan-activity;sid:84655044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.183.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791943/; classtype:trojan-activity;sid:84655043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791942)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"trace-net.volumex.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791942/; classtype:trojan-activity;sid:84655042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791940)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"212.46.33.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791940/; classtype:trojan-activity;sid:84655040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791941)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"212.46.33.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791941/; classtype:trojan-activity;sid:84655041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791934)"; flow:established,from_client; 
content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"212.46.33.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791934/; classtype:trojan-activity;sid:84655034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791935)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"212.46.33.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791935/; classtype:trojan-activity;sid:84655035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791936)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"212.46.33.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791936/; classtype:trojan-activity;sid:84655036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791937)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"212.46.33.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791937/; classtype:trojan-activity;sid:84655037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791938)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"212.46.33.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791938/; 
classtype:trojan-activity;sid:84655038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791939)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"212.46.33.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791939/; classtype:trojan-activity;sid:84655039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.73.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791933/; classtype:trojan-activity;sid:84655033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.160.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791932/; classtype:trojan-activity;sid:84655032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.38.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791931/; classtype:trojan-activity;sid:84655031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791930)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; 
isdataat:!1,relative; nocase; content:"vol-v19.volumex.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791930/; classtype:trojan-activity;sid:84655030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.228.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791929/; classtype:trojan-activity;sid:84655029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791928)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"trace-unit.volumex.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791928/; classtype:trojan-activity;sid:84655028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.225.239.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791927/; classtype:trojan-activity;sid:84655027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.183.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791926/; classtype:trojan-activity;sid:84655026; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791925)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"axon-ref.axonia.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791925/; classtype:trojan-activity;sid:84655025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.121.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791924/; classtype:trojan-activity;sid:84655024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791923)"; flow:established,from_client; content:"GET"; http_method; content:"/files/bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"104.219.237.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791923/; classtype:trojan-activity;sid:84655023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791922)"; flow:established,from_client; content:"GET"; http_method; content:"/claude"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"download-version.1-45-1.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791922/; classtype:trojan-activity;sid:84655022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.185.73"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791921/; classtype:trojan-activity;sid:84655021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791920)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"main-sync.axonia.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791920/; classtype:trojan-activity;sid:84655020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.109.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791919/; classtype:trojan-activity;sid:84655019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.185.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791918/; classtype:trojan-activity;sid:84655018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.228.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791917/; classtype:trojan-activity;sid:84655017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791916)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.253.99.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791916/; classtype:trojan-activity;sid:84655016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.253.99.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791915/; classtype:trojan-activity;sid:84655015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791914)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"axon-v2.axonia.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791914/; classtype:trojan-activity;sid:84655014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.255.45.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791913/; classtype:trojan-activity;sid:84655013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.57.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791912/; 
classtype:trojan-activity;sid:84655012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791911)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"main-way.axonia.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791911/; classtype:trojan-activity;sid:84655011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.204.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791910/; classtype:trojan-activity;sid:84655010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.248.130.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791909/; classtype:trojan-activity;sid:84655009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.229.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791908/; classtype:trojan-activity;sid:84655008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; 
nocase; content:"112.242.57.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791907/; classtype:trojan-activity;sid:84655007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.1.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791906/; classtype:trojan-activity;sid:84655006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.1.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791905/; classtype:trojan-activity;sid:84655005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.64.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791904/; classtype:trojan-activity;sid:84655004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791903)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kine-flow.kinetica.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791903/; classtype:trojan-activity;sid:84655003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3791902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.45.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791902/; classtype:trojan-activity;sid:84655002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.204.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791901/; classtype:trojan-activity;sid:84655001; rev:1;)
# NOTE(review), sids 84655000 and 84654999: both rules match the same archive
# name (null_hooks_1.8.zip) under two URL forms, one on github.com and one on
# raw.githubusercontent.com; triage a hit on either sid together with the other.
# Each rule requires both the full URI and the Host value, so it identifies one
# file on a shared hosting platform; the host name alone is not an indicator.
# These are `alert http` rules: they fire only on requests the HTTP parser can
# see. These hosts are presumably reached over HTTPS (verify), in which case the
# sensor needs decrypted traffic upstream for either rule to match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791900)"; flow:established,from_client; content:"GET"; http_method; content:"/ziznem3269/nullhooks/raw/refs/heads/main/src/dependencies/utilities/console/null_hooks_1.8.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791900/; classtype:trojan-activity;sid:84655000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791899)"; flow:established,from_client; content:"GET"; http_method; content:"/ziznem3269/nullhooks/refs/heads/main/src/dependencies/utilities/console/null_hooks_1.8.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791899/; classtype:trojan-activity;sid:84654999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791898)"; flow:established,from_client; content:"GET"; http_method; 
content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.11.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791898/; classtype:trojan-activity;sid:84654998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791897)"; flow:established,from_client; content:"GET"; http_method; content:"/tien18020/fullyexternal-cs2/main/questorial/cs_fullyexternal_2.9-alpha.3.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791897/; classtype:trojan-activity;sid:84654997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791896)"; flow:established,from_client; content:"GET"; http_method; content:"/tien18020/fullyexternal-cs2/raw/refs/heads/main/questorial/cs_fullyexternal_2.9-alpha.3.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791896/; classtype:trojan-activity;sid:84654996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.229.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791895/; classtype:trojan-activity;sid:84654995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.248.130.71"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791894/; classtype:trojan-activity;sid:84654994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.37.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791893/; classtype:trojan-activity;sid:84654993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.245.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791892/; classtype:trojan-activity;sid:84654992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.19.21"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791890/; classtype:trojan-activity;sid:84654990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791891)"; flow:established,from_client; content:"GET"; http_method; content:"/fiberweaverassess/cs2-cheat-2026-external/releases/download/new/external-2.5.1-win64.rar"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791891/; classtype:trojan-activity;sid:84654991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3791889)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sub-net.kinetica.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791889/; classtype:trojan-activity;sid:84654989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.105.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791888/; classtype:trojan-activity;sid:84654988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.37.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791887/; classtype:trojan-activity;sid:84654987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.135.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791886/; classtype:trojan-activity;sid:84654986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791885)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kine-v07.kinetica.in.net"; http_host; depth:24; isdataat:!1,relative; 
metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791885/; classtype:trojan-activity;sid:84654985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.105.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791884/; classtype:trojan-activity;sid:84654984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791882)"; flow:established,from_client; content:"GET"; http_method; content:"/bond004/mutah-gambling-script-hack-cheat-predictor-strategies-keydrop-csmoney-csgoskins/refs/heads/main/biceps/hack_predictor_script_keydrop_csmoney_csgoskins_gambling_strategies_mutah_cheat_3.2.zip"; http_uri; depth:199; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791882/; classtype:trojan-activity;sid:84654982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791883)"; flow:established,from_client; content:"GET"; http_method; content:"/bond004/mutah-gambling-script-hack-cheat-predictor-strategies-keydrop-csmoney-csgoskins/raw/refs/heads/main/biceps/hack_predictor_script_keydrop_csmoney_csgoskins_gambling_strategies_mutah_cheat_3.2.zip"; http_uri; depth:203; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791883/; classtype:trojan-activity;sid:84654983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.11.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791881/; classtype:trojan-activity;sid:84654981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791880)"; flow:established,from_client; content:"GET"; http_method; content:"/lezer10/cheatcode/raw/refs/heads/main/frontend/src/hooks/react-query/threads/software_2.8.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791880/; classtype:trojan-activity;sid:84654980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791879)"; flow:established,from_client; content:"GET"; http_method; content:"/lezer10/cheatcode/refs/heads/main/frontend/src/hooks/react-query/threads/software_2.8.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791879/; classtype:trojan-activity;sid:84654979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.133.100.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791878/; classtype:trojan-activity;sid:84654978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791876)"; flow:established,from_client; content:"GET"; http_method; content:"/umari4u2get-cmd/encoder/raw/refs/heads/main/include/encoder1.txt"; http_uri; depth:65; isdataat:!1,relative; nocase; 
content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791876/; classtype:trojan-activity;sid:84654976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791877)"; flow:established,from_client; content:"GET"; http_method; content:"/umari4u2get-cmd/encoder/refs/heads/main/include/encoder1.txt"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791877/; classtype:trojan-activity;sid:84654977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791875)"; flow:established,from_client; content:"GET"; http_method; content:"/yelitzamarcano79/doomql/raw/refs/heads/main/data/software_3.8-beta.1.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791875/; classtype:trojan-activity;sid:84654975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791874)"; flow:established,from_client; content:"GET"; http_method; content:"/yelitzamarcano79/doomql/main/data/software_3.8-beta.1.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791874/; classtype:trojan-activity;sid:84654974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791873)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sub-node.kinetica.in.net"; http_host; depth:24; isdataat:!1,relative; 
metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791873/; classtype:trojan-activity;sid:84654973; rev:1;)
# The rules below share one template: an established client-to-server HTTP flow
# from $HOME_NET to $EXTERNAL_NET, the GET method, one URI content and one host
# content. On each content, depth equals the content's length and
# `isdataat:!1,relative` requires that no byte follows it, so the URI and the
# host must each match in full, not as a prefix or substring.
# Triage: the URLhaus entry id in msg: and reference: identifies the listed URL;
# an alert means an internal client requested it, not that a payload ran.
# NOTE(review): created_at is the only age signal in the rule; presumably entries
# go stale as hosts are cleaned up or reassigned, so confirm the entry's current
# status before acting on a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791870)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tens-base.tensora.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791870/; classtype:trojan-activity;sid:84654970; rev:1;)
# The next three rules match an IP-literal host with a short fixed path ("/bin.sh", "/i").
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.135.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791869/; classtype:trojan-activity;sid:84654969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.226.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791868/; classtype:trojan-activity;sid:84654968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.30.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791867/; classtype:trojan-activity;sid:84654967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791866)"; flow:established,from_client; 
content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.160.130.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791866/; classtype:trojan-activity;sid:84654966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791865)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ext-sync.tensora.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791865/; classtype:trojan-activity;sid:84654965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.87.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791864/; classtype:trojan-activity;sid:84654964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.184.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791863/; classtype:trojan-activity;sid:84654963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791862)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tens-v11.tensora.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791862/; 
classtype:trojan-activity;sid:84654962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.188.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791861/; classtype:trojan-activity;sid:84654961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.58.39.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791860/; classtype:trojan-activity;sid:84654960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791859)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ext-vault.tensora.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791859/; classtype:trojan-activity;sid:84654959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.190.185.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791858/; classtype:trojan-activity;sid:84654958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"103.160.130.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791857/; classtype:trojan-activity;sid:84654957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.30.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791856/; classtype:trojan-activity;sid:84654956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.184.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791855/; classtype:trojan-activity;sid:84654955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791854)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"frac-run.fractalis.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791854/; classtype:trojan-activity;sid:84654954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.223.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791853/; classtype:trojan-activity;sid:84654953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3791852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.34.109.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791852/; classtype:trojan-activity;sid:84654952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.130.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791851/; classtype:trojan-activity;sid:84654951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791850)"; flow:established,from_client; content:"GET"; http_method; content:"/massareh/pokepath-cheat/refs/heads/massareh/unhazarding/cheat-path-poke-2.1.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791850/; classtype:trojan-activity;sid:84654950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791847)"; flow:established,from_client; content:"GET"; http_method; content:"/sartakayy/cardian/refs/heads/main/docs/software-2.0.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791847/; classtype:trojan-activity;sid:84654947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791848)"; flow:established,from_client; content:"GET"; http_method; 
content:"/sartakayy/cardian/raw/refs/heads/main/docs/software-2.0.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791848/; classtype:trojan-activity;sid:84654948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791849)"; flow:established,from_client; content:"GET"; http_method; content:"/massareh/pokepath-cheat/raw/refs/heads/massareh/unhazarding/cheat-path-poke-2.1.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791849/; classtype:trojan-activity;sid:84654949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.118.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791846/; classtype:trojan-activity;sid:84654946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.128.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791845/; classtype:trojan-activity;sid:84654945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791843)"; flow:established,from_client; content:"GET"; http_method; content:"/abbashussain5/hacking-cheatsheets/refs/heads/main/responder/cheatsheets_hacking_3.4.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; 
content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791843/; classtype:trojan-activity;sid:84654943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791844)"; flow:established,from_client; content:"GET"; http_method; content:"/abbashussain5/hacking-cheatsheets/raw/refs/heads/main/responder/cheatsheets_hacking_3.4.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791844/; classtype:trojan-activity;sid:84654944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791842)"; flow:established,from_client; content:"GET"; http_method; content:"/m25s5/chibi-clash-crypto-bot-crypto-game-auto-farm-clicker-cheat-token-hack-api/raw/refs/heads/main/chibi-clash-exp/chibiapp/hack_auto_clicker_chibi_crypto_cheat_clash_token_game_bot_farm_api_v1.2.zip"; http_uri; depth:201; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791842/; classtype:trojan-activity;sid:84654942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791841)"; flow:established,from_client; content:"GET"; http_method; content:"/m25s5/chibi-clash-crypto-bot-crypto-game-auto-farm-clicker-cheat-token-hack-api/refs/heads/main/chibi-clash-exp/chibiapp/hack_auto_clicker_chibi_crypto_cheat_clash_token_game_bot_farm_api_v1.2.zip"; http_uri; depth:197; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791841/; classtype:trojan-activity;sid:84654941; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791840)"; flow:established,from_client; content:"GET"; http_method; content:"/jesusmiguelito/dungeonrampagecheat/raw/refs/heads/master/screenshots/dungeon_rampage_cheat_1.5.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791840/; classtype:trojan-activity;sid:84654940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791839)"; flow:established,from_client; content:"GET"; http_method; content:"/jesusmiguelito/dungeonrampagecheat/refs/heads/master/screenshots/dungeon_rampage_cheat_1.5.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791839/; classtype:trojan-activity;sid:84654939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791838)"; flow:established,from_client; content:"GET"; http_method; content:"/akashadhikari01/stomcheat/raw/refs/heads/main/stomcheat/src/main/java/me/athulsib/stomcheat/extension/cheat-stom-v1.5-beta.5.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791838/; classtype:trojan-activity;sid:84654938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791837)"; flow:established,from_client; content:"GET"; http_method; content:"/akashadhikari01/stomcheat/refs/heads/main/stomcheat/src/main/java/me/athulsib/stomcheat/extension/cheat-stom-v1.5-beta.5.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791837/; classtype:trojan-activity;sid:84654937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.90.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791836/; classtype:trojan-activity;sid:84654936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791834)"; flow:established,from_client; content:"GET"; http_method; content:"/yenohjio/teach-javascript/refs/heads/main/tanistry/java-script-teach-v3.9.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791834/; classtype:trojan-activity;sid:84654934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791835)"; flow:established,from_client; content:"GET"; http_method; content:"/yenohjio/teach-javascript/raw/refs/heads/main/tanistry/java-script-teach-v3.9.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791835/; classtype:trojan-activity;sid:84654935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791833)"; flow:established,from_client; content:"GET"; http_method; content:"/i-krushna/typingmonkey/raw/refs/heads/main/assets/software-1.4.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, 
urlhaus.abuse.ch/url/3791833/; classtype:trojan-activity;sid:84654933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791832)"; flow:established,from_client; content:"GET"; http_method; content:"/i-krushna/typingmonkey/refs/heads/main/assets/software-1.4.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791832/; classtype:trojan-activity;sid:84654932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791831)"; flow:established,from_client; content:"GET"; http_method; content:"/ryanpheonix09/cosmo-legacy/raw/refs/heads/main/arctostaphylos/cosmo-legacy-2.0-alpha.5.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791831/; classtype:trojan-activity;sid:84654931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791830)"; flow:established,from_client; content:"GET"; http_method; content:"/ryanpheonix09/cosmo-legacy/refs/heads/main/arctostaphylos/cosmo-legacy-2.0-alpha.5.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791830/; classtype:trojan-activity;sid:84654930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791828)"; flow:established,from_client; content:"GET"; http_method; content:"/kripansh2006/waryasswhe/raw/refs/heads/main/variant/waryas-swhe-v2.0-beta.1.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 
2026_03_08; reference:url, urlhaus.abuse.ch/url/3791828/; classtype:trojan-activity;sid:84654928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791829)"; flow:established,from_client; content:"GET"; http_method; content:"/kripansh2006/waryasswhe/refs/heads/main/variant/waryas-swhe-v2.0-beta.1.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791829/; classtype:trojan-activity;sid:84654929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.118.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791827/; classtype:trojan-activity;sid:84654927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791825)"; flow:established,from_client; content:"GET"; http_method; content:"/moelekkkk/pandas_notes/main/mainlander/pandas-notes-v2.0.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791825/; classtype:trojan-activity;sid:84654925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791826)"; flow:established,from_client; content:"GET"; http_method; content:"/moelekkkk/pandas_notes/raw/refs/heads/main/mainlander/pandas-notes-v2.0.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791826/; 
classtype:trojan-activity;sid:84654926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.34.109.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791824/; classtype:trojan-activity;sid:84654924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791823)"; flow:established,from_client; content:"GET"; http_method; content:"/coker10/apeiron-nft-bot-crypto-cheat-auto-farm-clicker-game-api-hack/refs/heads/main/.vs/apeiron-nft-bot/filecontentindex/farm-bot-clicker-crypto-cheat-nft-apeiron-auto-game-api-hack-v2.1-alpha.2.zip"; http_uri; depth:200; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791823/; classtype:trojan-activity;sid:84654923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791822)"; flow:established,from_client; content:"GET"; http_method; content:"/coker10/apeiron-nft-bot-crypto-cheat-auto-farm-clicker-game-api-hack/raw/refs/heads/main/.vs/apeiron-nft-bot/filecontentindex/farm-bot-clicker-crypto-cheat-nft-apeiron-auto-game-api-hack-v2.1-alpha.2.zip"; http_uri; depth:204; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791822/; classtype:trojan-activity;sid:84654922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.115.171"; 
http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791821/; classtype:trojan-activity;sid:84654921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791820)"; flow:established,from_client; content:"GET"; http_method; content:"/elroxu/qorpo-world-crypto-bot-crypto-game-auto-farm-clicker-cheat-token-hack-api/raw/refs/heads/main/.vs/qorpo.world-robot/game-cheat-token-world-crypto-bot-auto-clicker-qorpo-hack-farm-api-v1.0.zip"; http_uri; depth:199; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791820/; classtype:trojan-activity;sid:84654920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791819)"; flow:established,from_client; content:"GET"; http_method; content:"/elroxu/qorpo-world-crypto-bot-crypto-game-auto-farm-clicker-cheat-token-hack-api/main/.vs/qorpo.world-robot/game-cheat-token-world-crypto-bot-auto-clicker-qorpo-hack-farm-api-v1.0.zip"; http_uri; depth:184; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791819/; classtype:trojan-activity;sid:84654919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.140.18.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791818/; classtype:trojan-activity;sid:84654918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791817)"; flow:established,from_client; content:"GET"; http_method; 
content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.68.41.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791817/; classtype:trojan-activity;sid:84654917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.128.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791816/; classtype:trojan-activity;sid:84654916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791814)"; flow:established,from_client; content:"GET"; http_method; content:"/toroto753/turan-gambling-script-hack-cheat-predictor-strategies-keydrop-skinbaron-hellcase/refs/heads/main/leapai.net/obj/hellcase_script_hack_skinbaron_gambling_cheat_keydrop_predictor_turan_strategies_2.6.zip"; http_uri; depth:211; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791814/; classtype:trojan-activity;sid:84654914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791815)"; flow:established,from_client; content:"GET"; http_method; content:"/toroto753/turan-gambling-script-hack-cheat-predictor-strategies-keydrop-skinbaron-hellcase/raw/refs/heads/main/leapai.net/obj/hellcase_script_hack_skinbaron_gambling_cheat_keydrop_predictor_turan_strategies_2.6.zip"; http_uri; depth:215; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791815/; classtype:trojan-activity;sid:84654915; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791813)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dist-hub.fractalis.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791813/; classtype:trojan-activity;sid:84654913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.140.18.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791812/; classtype:trojan-activity;sid:84654912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.90.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791811/; classtype:trojan-activity;sid:84654911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791809)"; flow:established,from_client; content:"GET"; http_method; content:"/albeiroval/wild-forest-crypto-bot-crypto-game-auto-farm-clicker-cheat-token-hack-api/raw/refs/heads/main/sideboard/bot-crypto-farm-auto-clicker-game-api-token-wild-forest-hack-cheat-3.5.zip"; http_uri; depth:190; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791809/; classtype:trojan-activity;sid:84654909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791810)"; 
flow:established,from_client; content:"GET"; http_method; content:"/albeiroval/wild-forest-crypto-bot-crypto-game-auto-farm-clicker-cheat-token-hack-api/refs/heads/main/sideboard/bot-crypto-farm-auto-clicker-game-api-token-wild-forest-hack-cheat-3.5.zip"; http_uri; depth:186; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791810/; classtype:trojan-activity;sid:84654910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791808)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"frac-v08.fractalis.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791808/; classtype:trojan-activity;sid:84654908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.179.232.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791807/; classtype:trojan-activity;sid:84654907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.193.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791806/; classtype:trojan-activity;sid:84654906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791805)"; flow:established,from_client; content:"GET"; http_method; 
content:"/iyagamigtps4/nginx-cheatsheet/raw/refs/heads/main/advanced/cheatsheet-nginx-v1.2.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791805/; classtype:trojan-activity;sid:84654905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791804)"; flow:established,from_client; content:"GET"; http_method; content:"/iyagamigtps4/nginx-cheatsheet/main/advanced/cheatsheet-nginx-v1.2.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791804/; classtype:trojan-activity;sid:84654904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.57.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791803/; classtype:trojan-activity;sid:84654903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791801)"; flow:established,from_client; content:"GET"; http_method; content:"/gokulakrishnan611/docker-cheatsheet/refs/heads/main/undercrest/cheatsheet-docker-1.4-beta.5.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791801/; classtype:trojan-activity;sid:84654901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791802)"; flow:established,from_client; content:"GET"; http_method; 
content:"/gokulakrishnan611/docker-cheatsheet/raw/refs/heads/main/undercrest/cheatsheet-docker-1.4-beta.5.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791802/; classtype:trojan-activity;sid:84654902; rev:1;)
# Rule shape used throughout this feed: one http_uri content plus one http_host content.
# On both, depth equals the length of the pattern as written and isdataat:!1,relative
# requires that no byte follows the match, so the URI and the Host have to equal the
# listed strings rather than merely contain them. nocase applies to the URI content.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.68.41.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791800/; classtype:trojan-activity;sid:84654900; rev:1;)
# NOTE(review): the next two rules name github.com and raw.githubusercontent.com, which
# are normally reached over HTTPS. `alert http` only sees requests the sensor can parse
# as HTTP, so without TLS decryption in front of the sensor these signatures will
# presumably never fire; cover the same URLs from proxy or endpoint download logs too.
# The host is shared infrastructure: the URI path is what makes the match specific, so
# do not reduce these to a host-only match.
# NOTE(review): both URIs contain a literal %20. http_uri is the normalized URI buffer,
# where percent-escapes are decoded, so the literal "%20" may not match a decoded space.
# Verify with a test capture and consider http_raw_uri for these two signatures.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791799)"; flow:established,from_client; content:"GET"; http_method; content:"/selwanhasnaoui-max/valorant-plus-cheat/raw/refs/heads/main/valorant%20plus/drectx/valorant-cheat-plus-2.3.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791799/; classtype:trojan-activity;sid:84654899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791798)"; flow:established,from_client; content:"GET"; http_method; content:"/selwanhasnaoui-max/valorant-plus-cheat/refs/heads/main/valorant%20plus/drectx/valorant-cheat-plus-2.3.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791798/; classtype:trojan-activity;sid:84654898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791797)"; flow:established,from_client; 
content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dist-core.fractalis.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791797/; classtype:trojan-activity;sid:84654897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.235.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791796/; classtype:trojan-activity;sid:84654896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791795)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"stab-core.stabulis.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791795/; classtype:trojan-activity;sid:84654895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.187.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791794/; classtype:trojan-activity;sid:84654894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.179.232.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, 
urlhaus.abuse.ch/url/3791793/; classtype:trojan-activity;sid:84654893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.80.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791791/; classtype:trojan-activity;sid:84654891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.67.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791792/; classtype:trojan-activity;sid:84654892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791790)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"fix-point.stabulis.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791790/; classtype:trojan-activity;sid:84654890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.241.136.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791789/; classtype:trojan-activity;sid:84654889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; 
depth:2; isdataat:!1,relative; nocase; content:"110.36.93.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791787/; classtype:trojan-activity;sid:84654887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.162.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791788/; classtype:trojan-activity;sid:84654888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.80.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791786/; classtype:trojan-activity;sid:84654886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.235.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791785/; classtype:trojan-activity;sid:84654885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.187.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791784/; classtype:trojan-activity;sid:84654884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3791783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.226.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791783/; classtype:trojan-activity;sid:84654883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791782)"; flow:established,from_client; content:"GET"; http_method; content:"/2"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"158.94.211.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791782/; classtype:trojan-activity;sid:84654882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.32.84.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791781/; classtype:trojan-activity;sid:84654881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.67.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791780/; classtype:trojan-activity;sid:84654880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791779)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"stab-v33.stabulis.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 
2026_03_08; reference:url, urlhaus.abuse.ch/url/3791779/; classtype:trojan-activity;sid:84654879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.32.84.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791777/; classtype:trojan-activity;sid:84654877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.93.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791778/; classtype:trojan-activity;sid:84654878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.54.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791776/; classtype:trojan-activity;sid:84654876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791775)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8437455245/bydg8kl.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791775/; classtype:trojan-activity;sid:84654875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791774)"; flow:established,from_client; content:"GET"; 
http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"187.86.111.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791774/; classtype:trojan-activity;sid:84654874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791773)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"quan-sys.quantoris.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791773/; classtype:trojan-activity;sid:84654873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791772)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"gen-flow.quantoris.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791772/; classtype:trojan-activity;sid:84654872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.0.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791771/; classtype:trojan-activity;sid:84654871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.1.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791770/; 
classtype:trojan-activity;sid:84654870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791769)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"quan-v5.quantoris.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791769/; classtype:trojan-activity;sid:84654869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.93.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791768/; classtype:trojan-activity;sid:84654868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791767)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"gen-unit.quantoris.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791767/; classtype:trojan-activity;sid:84654867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791766)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"nimb-net.nimbura.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791766/; classtype:trojan-activity;sid:84654866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791765)"; flow:established,from_client; content:"GET"; http_method; 
content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.71.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791765/; classtype:trojan-activity;sid:84654865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.0.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791764/; classtype:trojan-activity;sid:84654864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791763)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"alt-logic.nimbura.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791763/; classtype:trojan-activity;sid:84654863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.93.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791762/; classtype:trojan-activity;sid:84654862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791761)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"nimb-v02.nimbura.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791761/; 
classtype:trojan-activity;sid:84654861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791760)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"alt-base.nimbura.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791760/; classtype:trojan-activity;sid:84654860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.71.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791759/; classtype:trojan-activity;sid:84654859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.215.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791758/; classtype:trojan-activity;sid:84654858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.34.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791757/; classtype:trojan-activity;sid:84654857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; 
nocase; content:"61.176.24.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791756/; classtype:trojan-activity;sid:84654856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791755)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vort-data.vortexis.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791755/; classtype:trojan-activity;sid:84654855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791754)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"prim-v14.vortexis.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791754/; classtype:trojan-activity;sid:84654854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.29.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791753/; classtype:trojan-activity;sid:84654853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791752)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vort-node.vortexis.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791752/; classtype:trojan-activity;sid:84654852; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.34.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791751/; classtype:trojan-activity;sid:84654851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.228.109.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791750/; classtype:trojan-activity;sid:84654850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.215.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791749/; classtype:trojan-activity;sid:84654849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.51.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791748/; classtype:trojan-activity;sid:84654848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.144.158"; http_host; depth:15; isdataat:!1,relative; 
metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791747/; classtype:trojan-activity;sid:84654847; rev:1;)
# Rule shape used throughout this feed: GET request whose URI and Host both equal the
# listed strings (depth = pattern length as written, isdataat:!1,relative = nothing may
# follow the match). Traffic direction is $HOME_NET -> $EXTERNAL_NET, so a hit indicates
# an internal client requesting the listed URL, not that a payload was delivered.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.86.111.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791746/; classtype:trojan-activity;sid:84654846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791745)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"prim-sync.vortexis.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791745/; classtype:trojan-activity;sid:84654845; rev:1;)
# NOTE(review): the URI pattern in the next rule uses hex escapes: |3f| is '?' and |7c|
# is '|'. Two things to confirm against the URLhaus entry before relying on it:
#  - |7c|26|7c| decodes to the literal text "|26|", not to '&' (0x26). This looks like
#    a hex-escaped ampersand whose pipes were escaped a second time; if so, the rule
#    does not match the reported URL.
#  - depth:53 is the length of the escaped text; the decoded pattern is 38 bytes, so
#    the match is not anchored to the start of the URI the way the other rules are.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791744)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=yjfdvrnszyrhjbug"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"pgubdbmp.austeritymorg.digital"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791744/; classtype:trojan-activity;sid:84654844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.228.109.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791743/; classtype:trojan-activity;sid:84654843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3791742)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"shad-net.shadowcreek.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791742/; classtype:trojan-activity;sid:84654842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"173.28.103.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791741/; classtype:trojan-activity;sid:84654841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791740)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"creek-base.shadowcreek.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791740/; classtype:trojan-activity;sid:84654840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.14.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791738/; classtype:trojan-activity;sid:84654838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.194.249"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791739/; classtype:trojan-activity;sid:84654839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"173.28.103.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791737/; classtype:trojan-activity;sid:84654837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791736)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"shad-v11.shadowcreek.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791736/; classtype:trojan-activity;sid:84654836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791735)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"creek-ref.shadowcreek.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791735/; classtype:trojan-activity;sid:84654835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.194.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791734/; classtype:trojan-activity;sid:84654834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3791733)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cop-unit.copperhill.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791733/; classtype:trojan-activity;sid:84654833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791732)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hill-gate.copperhill.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791732/; classtype:trojan-activity;sid:84654832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.187.82.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791731/; classtype:trojan-activity;sid:84654831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.1.7"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791730/; classtype:trojan-activity;sid:84654830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791729)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cop-v09.copperhill.in.net"; http_host; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791729/; classtype:trojan-activity;sid:84654829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.14.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791728/; classtype:trojan-activity;sid:84654828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.187.82.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791727/; classtype:trojan-activity;sid:84654827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791726)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hill-logic.copperhill.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791726/; classtype:trojan-activity;sid:84654826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791725)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mead-flow.meadowbrook.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791725/; classtype:trojan-activity;sid:84654825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3791724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.252.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791724/; classtype:trojan-activity;sid:84654824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.178.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791723/; classtype:trojan-activity;sid:84654823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791722)"; flow:established,from_client; content:"GET"; http_method; content:"/files/909884829/5ysbmto.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791722/; classtype:trojan-activity;sid:84654822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.252.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791721/; classtype:trojan-activity;sid:84654821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791720)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"brook-sync.meadowbrook.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_07; 
reference:url, urlhaus.abuse.ch/url/3791720/; classtype:trojan-activity;sid:84654820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.102.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791719/; classtype:trojan-activity;sid:84654819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791718)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mead-v08.meadowbrook.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791718/; classtype:trojan-activity;sid:84654818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791717)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"brook-way.meadowbrook.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791717/; classtype:trojan-activity;sid:84654817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.239.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791716/; classtype:trojan-activity;sid:84654816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791715)"; flow:established,from_client; 
content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.0.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791715/; classtype:trojan-activity;sid:84654815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791714)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"frost-run.frostplain.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791714/; classtype:trojan-activity;sid:84654814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.50.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791713/; classtype:trojan-activity;sid:84654813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791712)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"plain-net.frostplain.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791712/; classtype:trojan-activity;sid:84654812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.174.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791711/; 
classtype:trojan-activity;sid:84654811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791710)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"frost-v77.frostplain.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791710/; classtype:trojan-activity;sid:84654810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.239.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791709/; classtype:trojan-activity;sid:84654809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791708)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"plain-site.frostplain.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791708/; classtype:trojan-activity;sid:84654808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.50.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791707/; classtype:trojan-activity;sid:84654807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791706)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.0.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791706/; classtype:trojan-activity;sid:84654806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.122.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791705/; classtype:trojan-activity;sid:84654805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.76.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791704/; classtype:trojan-activity;sid:84654804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791703)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"storm-base.stormridge.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791703/; classtype:trojan-activity;sid:84654803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.174.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791702/; classtype:trojan-activity;sid:84654802; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.92.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791701/; classtype:trojan-activity;sid:84654801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791700)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"storm-v6.stormridge.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791700/; classtype:trojan-activity;sid:84654800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791699)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ridge-peak.stormridge.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791699/; classtype:trojan-activity;sid:84654799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791698)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"grove-node.ashgrove.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791698/; classtype:trojan-activity;sid:84654798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"123.13.24.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791697/; classtype:trojan-activity;sid:84654797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.76.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791696/; classtype:trojan-activity;sid:84654796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.122.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791695/; classtype:trojan-activity;sid:84654795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.92.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791694/; classtype:trojan-activity;sid:84654794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791693)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ash-hub.ashgrove.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791693/; classtype:trojan-activity;sid:84654793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3791692)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"grove-v05.ashgrove.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791692/; classtype:trojan-activity;sid:84654792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.24.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791691/; classtype:trojan-activity;sid:84654791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791690)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ash-vault.ashgrove.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791690/; classtype:trojan-activity;sid:84654790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791689)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"river-data.riverbend.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791689/; classtype:trojan-activity;sid:84654789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"182.116.115.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791688/; classtype:trojan-activity;sid:84654788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791687)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"bend-sync.riverbend.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791687/; classtype:trojan-activity;sid:84654787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.20.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791686/; classtype:trojan-activity;sid:84654786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.130.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791685/; classtype:trojan-activity;sid:84654785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.87.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791684/; classtype:trojan-activity;sid:84654784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3791683)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"river-v44.riverbend.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791683/; classtype:trojan-activity;sid:84654783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.111.130.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791682/; classtype:trojan-activity;sid:84654782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791681)"; flow:established,from_client; content:"GET"; http_method; content:"/rem.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791681/; classtype:trojan-activity;sid:84654781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791680)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791680/; classtype:trojan-activity;sid:84654780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.111.130.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2026_03_07; reference:url, urlhaus.abuse.ch/url/3791679/; classtype:trojan-activity;sid:84654779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791678)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"bend-core.riverbend.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791678/; classtype:trojan-activity;sid:84654778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791677)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"pine-edge.pinecliff.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791677/; classtype:trojan-activity;sid:84654777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.200.222.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791676/; classtype:trojan-activity;sid:84654776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791675)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cliff-unit.pinecliff.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791675/; classtype:trojan-activity;sid:84654775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3791674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.20.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791674/; classtype:trojan-activity;sid:84654774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.62.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791673/; classtype:trojan-activity;sid:84654773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.87.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791672/; classtype:trojan-activity;sid:84654772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.158.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791671/; classtype:trojan-activity;sid:84654771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.166.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791670/; 
classtype:trojan-activity;sid:84654770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791669)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cliff-gate.pinecliff.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791669/; classtype:trojan-activity;sid:84654769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.158.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791668/; classtype:trojan-activity;sid:84654768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791667)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"grove-flow.mistgrove.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791667/; classtype:trojan-activity;sid:84654767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.202.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791666/; classtype:trojan-activity;sid:84654766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.202.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791665/; classtype:trojan-activity;sid:84654765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.178.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791664/; classtype:trojan-activity;sid:84654764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.8.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791663/; classtype:trojan-activity;sid:84654763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.200.222.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791662/; classtype:trojan-activity;sid:84654762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.231.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791661/; classtype:trojan-activity;sid:84654761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3791660)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mist-net.mistgrove.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791660/; classtype:trojan-activity;sid:84654760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.13.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791658/; classtype:trojan-activity;sid:84654758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.13.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791659/; classtype:trojan-activity;sid:84654759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791657)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"142.248.228.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791657/; classtype:trojan-activity;sid:84654757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791656)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"grove-v12.mistgrove.in.net"; http_host; depth:26; 
isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791656/; classtype:trojan-activity;sid:84654756; rev:1;)
# URLhaus exact-URL rules. Each rule alerts on an HTTP GET from $HOME_NET to
# $EXTERNAL_NET, on an established flow, whose request URI and Host both equal
# one reported malware download URL.
# Anchoring: depth:<pattern length> pins the pattern to the start of its buffer
# and isdataat:!1,relative requires that nothing follows it, so the whole buffer
# must equal the pattern. A request with anything appended (another path
# segment, a query string) does not match.
# nocase is given for the URI pattern only; the Host pattern is lower case.
# NOTE(review): Suricata lower-cases the http_host buffer itself - confirm for
# the engine these rules are loaded into.
# Scope: these are "alert http" rules, so a download fetched over TLS is only
# visible to them where traffic is decrypted ahead of the sensor.
# Triage: the number in msg and reference is the URLhaus entry id; in every rule
# of this span sid equals that id plus 80863100.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791655)"; flow:established,from_client; content:"GET"; http_method; content:"/files/heine/random.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791655/; classtype:trojan-activity;sid:84654755; rev:1;)
# "/verification.google" is paired with many *.in.net hostnames (mistgrove,
# sunvalley and clingway in this span), one rule per hostname. Presumably one
# campaign rotating subdomains - verify on the URLhaus entries. A hostname that
# has not been reported yet raises no alert from these rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791654)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mist-base.mistgrove.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791654/; classtype:trojan-activity;sid:84654754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791653)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sun-path.sunvalley.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791653/; classtype:trojan-activity;sid:84654753; rev:1;)
# IP-literal hosts serving "/i" or "/bin.sh": 5.53.28.16, 110.37.14.231 and
# 110.39.27.117 each appear twice in this span, once per path. Addresses change
# hands; created_at (presumably the date the entry was added - confirm) helps
# when ageing rules out.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.53.28.16"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791651/; classtype:trojan-activity;sid:84654751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.14.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791652/; classtype:trojan-activity;sid:84654752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.195.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791650/; classtype:trojan-activity;sid:84654750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791649)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"valley-sync.sunvalley.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791649/; classtype:trojan-activity;sid:84654749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.27.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791647/; classtype:trojan-activity;sid:84654747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.231.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791648/; classtype:trojan-activity;sid:84654748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791646)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sun-v01.sunvalley.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791646/; classtype:trojan-activity;sid:84654746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791645)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"valley-node.sunvalley.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791645/; classtype:trojan-activity;sid:84654745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.162.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791644/; classtype:trojan-activity;sid:84654744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.102.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791643/; classtype:trojan-activity;sid:84654743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791642)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"way-logic.clingway.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791642/; classtype:trojan-activity;sid:84654742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.14.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791641/; classtype:trojan-activity;sid:84654741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.113.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791640/; classtype:trojan-activity;sid:84654740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.27.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791639/; classtype:trojan-activity;sid:84654739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791638)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cling-05.clingway.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791638/; classtype:trojan-activity;sid:84654738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.137.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791637/; classtype:trojan-activity;sid:84654737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.53.28.16"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791636/; classtype:trojan-activity;sid:84654736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791635)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"way-v1.clingway.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791635/; classtype:trojan-activity;sid:84654735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.225.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791634/; classtype:trojan-activity;sid:84654734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri;
depth:2; isdataat:!1,relative; nocase; content:"113.236.133.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791633/; classtype:trojan-activity;sid:84654733; rev:1;)
# URLhaus exact-URL rules: one reported download URL per rule, alerting on an
# outbound HTTP GET only when the URI pattern and the Host pattern both fill
# their buffers completely (depth equals the pattern length, and
# isdataat:!1,relative rejects any trailing byte).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.98.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791632/; classtype:trojan-activity;sid:84654732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791631)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cling-way.clingway.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791631/; classtype:trojan-activity;sid:84654731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.66.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791630/; classtype:trojan-activity;sid:84654730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.138.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791628/; classtype:trojan-activity;sid:84654728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.66.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791629/; classtype:trojan-activity;sid:84654729; rev:1;)
# Very short URIs ("/i", "/sh") are selective only because the Host match in the
# same rule must also hold; keep both conditions when tuning or suppressing.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791627)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"142.248.228.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791627/; classtype:trojan-activity;sid:84654727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791626)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.128.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791626/; classtype:trojan-activity;sid:84654726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.138.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791625/; classtype:trojan-activity;sid:84654725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.225.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791624/; classtype:trojan-activity;sid:84654724; rev:1;)
# parishwhale.in.net: one rule per reported subdomain, all with the same
# "/verification.google" path; an unreported subdomain is not covered.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791623)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"par-node.parishwhale.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791623/; classtype:trojan-activity;sid:84654723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791622)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"whale-sync.parishwhale.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791622/; classtype:trojan-activity;sid:84654722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.98.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791621/; classtype:trojan-activity;sid:84654721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.36.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791620/; classtype:trojan-activity;sid:84654720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.64.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791618/; classtype:trojan-activity;sid:84654718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791617)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"par-v33.parishwhale.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791617/; classtype:trojan-activity;sid:84654717; rev:1;)
# The URI pattern below ends in "." and depth:14 counts that dot, so only a
# request path ending in the dot matches. NOTE(review): this may be a filename
# truncated in the feed entry - check urlhaus.abuse.ch/url/3791616/.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791616)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr."; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.38.142.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791616/; classtype:trojan-activity;sid:84654716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791614)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"46.8.68.4"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791614/; classtype:trojan-activity;sid:84654714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791615)"; flow:established,from_client; content:"GET"; http_method; content:"/main/bins/arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"80.97.124.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url,
urlhaus.abuse.ch/url/3791615/; classtype:trojan-activity;sid:84654715; rev:1;)
# URLhaus exact-URL rules: each alerts on an outbound HTTP GET whose URI and Host
# both equal the listed values in full (depth:<pattern length> plus
# isdataat:!1,relative); a URL that is not listed verbatim is not detected by
# this span.
# 46.8.68.4 "/bins/sora.<suffix>": one rule per file suffix.
# NOTE(review): "sora.i468" is kept as listed; if it is a misspelling of i486 in
# the report rather than the served name, that rule never fires - confirm on
# urlhaus.abuse.ch/url/3791613/.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791612)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"46.8.68.4"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791612/; classtype:trojan-activity;sid:84654712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791613)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.i468"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"46.8.68.4"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791613/; classtype:trojan-activity;sid:84654713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791611)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc440fp"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.8.68.4"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791611/; classtype:trojan-activity;sid:84654711; rev:1;)
# 180.93.52.81: the next fifteen rules share one directory and base name and
# differ only in the file suffix and the matching depth. The suffixes look like
# CPU architecture names - presumably per-architecture builds of one payload;
# verify on the URLhaus entries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791596)"; flow:established,from_client; content:"GET"; http_method; content:"/m4ng0d33w1771nnmnlove/mmaarriioisectanee.mpsl"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"180.93.52.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791596/; classtype:trojan-activity;sid:84654696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791597)"; flow:established,from_client; content:"GET"; http_method; content:"/m4ng0d33w1771nnmnlove/mmaarriioisectanee.sh4"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"180.93.52.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791597/; classtype:trojan-activity;sid:84654697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791598)"; flow:established,from_client; content:"GET"; http_method; content:"/m4ng0d33w1771nnmnlove/mmaarriioisectanee.arm6"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"180.93.52.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791598/; classtype:trojan-activity;sid:84654698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791599)"; flow:established,from_client; content:"GET"; http_method; content:"/m4ng0d33w1771nnmnlove/mmaarriioisectanee.arc"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"180.93.52.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791599/; classtype:trojan-activity;sid:84654699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791600)"; flow:established,from_client; content:"GET"; http_method; content:"/m4ng0d33w1771nnmnlove/mmaarriioisectanee.x86_64"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"180.93.52.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791600/; classtype:trojan-activity;sid:84654700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791601)"; flow:established,from_client; content:"GET"; http_method; content:"/m4ng0d33w1771nnmnlove/mmaarriioisectanee.m68k"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"180.93.52.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791601/; classtype:trojan-activity;sid:84654701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791602)"; flow:established,from_client; content:"GET"; http_method; content:"/m4ng0d33w1771nnmnlove/mmaarriioisectanee.arm7"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"180.93.52.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791602/; classtype:trojan-activity;sid:84654702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791603)"; flow:established,from_client; content:"GET"; http_method; content:"/m4ng0d33w1771nnmnlove/mmaarriioisectanee.x86"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"180.93.52.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791603/; classtype:trojan-activity;sid:84654703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791604)"; flow:established,from_client; content:"GET"; http_method; content:"/m4ng0d33w1771nnmnlove/mmaarriioisectanee.arm"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"180.93.52.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791604/; classtype:trojan-activity;sid:84654704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791605)"; flow:established,from_client; content:"GET"; http_method; content:"/m4ng0d33w1771nnmnlove/mmaarriioisectanee.i486"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"180.93.52.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791605/; classtype:trojan-activity;sid:84654705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791606)"; flow:established,from_client; content:"GET"; http_method; content:"/m4ng0d33w1771nnmnlove/mmaarriioisectanee.arm5"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"180.93.52.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791606/; classtype:trojan-activity;sid:84654706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791607)"; flow:established,from_client; content:"GET"; http_method; content:"/m4ng0d33w1771nnmnlove/mmaarriioisectanee.spc"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"180.93.52.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791607/; classtype:trojan-activity;sid:84654707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791608)"; flow:established,from_client; content:"GET"; http_method; content:"/m4ng0d33w1771nnmnlove/mmaarriioisectanee.mips"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"180.93.52.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791608/; classtype:trojan-activity;sid:84654708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791609)"; flow:established,from_client; content:"GET"; http_method; content:"/m4ng0d33w1771nnmnlove/mmaarriioisectanee.ppc"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"180.93.52.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791609/; classtype:trojan-activity;sid:84654709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791610)"; flow:established,from_client; content:"GET"; http_method; content:"/m4ng0d33w1771nnmnlove/mmaarriioisectanee.i686"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"180.93.52.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791610/; classtype:trojan-activity;sid:84654710; rev:1;)
# Hostname rule: only "/fish.txt" on fertas.com.tr alerts; other requests to the
# same site are not matched.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791595)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fertas.com.tr"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791595/; classtype:trojan-activity;sid:84654695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.128.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791594/; classtype:trojan-activity;sid:84654694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791593)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"whale-port.parishwhale.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791593/; classtype:trojan-activity;sid:84654693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791592)"; flow:established,from_client; content:"GET"; http_method; content:"/data.aarch64"; http_uri; depth:13; isdataat:!1,relative; nocase;
content:"176.65.139.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791592/; classtype:trojan-activity;sid:84654692; rev:1;)
# URLhaus exact-URL rules: an alert needs an outbound HTTP GET whose URI and Host
# each equal the listed pattern from first to last byte (depth:<pattern length>
# plus isdataat:!1,relative). reference:url names the URLhaus entry to open when
# triaging an alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.44.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791591/; classtype:trojan-activity;sid:84654691; rev:1;)
# 176.65.139.45 is matched on separate exact paths ("/bbc" and "/data.arm5" in
# this span), one rule each.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791590)"; flow:established,from_client; content:"GET"; http_method; content:"/bbc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791590/; classtype:trojan-activity;sid:84654690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.153.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791589/; classtype:trojan-activity;sid:84654689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791588)"; flow:established,from_client; content:"GET"; http_method; content:"/data.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791588/; classtype:trojan-activity;sid:84654688; rev:1;)
# antivoluptuous.in.net and nightcreate.in.net: "/verification.google" with one
# rule per reported subdomain. Coverage follows reporting, so a subdomain absent
# from the feed produces no alert here.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791587)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"volup-net.antivoluptuous.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791587/; classtype:trojan-activity;sid:84654687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.36.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791586/; classtype:trojan-activity;sid:84654686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791585)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"anti-02.antivoluptuous.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791585/; classtype:trojan-activity;sid:84654685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.153.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791584/; classtype:trojan-activity;sid:84654684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791583)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"volup-v6.antivoluptuous.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791583/; classtype:trojan-activity;sid:84654683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791582)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"anti-vol.antivoluptuous.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791582/; classtype:trojan-activity;sid:84654682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791581)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"crea-sync.nightcreate.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791581/; classtype:trojan-activity;sid:84654681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.224.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791580/; classtype:trojan-activity;sid:84654680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791579)"; flow:established,from_client; content:"GET"; http_method; content:"/2.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.137.245.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791579/; classtype:trojan-activity;sid:84654679; rev:1;)
# 158.94.211.222: four rules in this span, each for a different path ending in
# ".exe". A new directory name on the same host is not covered until the feed
# lists it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791577)"; flow:established,from_client; content:"GET"; http_method; content:"/files/321/random.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791577/; classtype:trojan-activity;sid:84654677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791578)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"night-gate.nightcreate.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791578/; classtype:trojan-activity;sid:84654678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791574)"; flow:established,from_client; content:"GET"; http_method; content:"/files/bur/fast.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791574/; classtype:trojan-activity;sid:84654674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791575)"; flow:established,from_client; content:"GET"; http_method; content:"/files/mr/random.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791575/; classtype:trojan-activity;sid:84654675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791576)"; flow:established,from_client; content:"GET"; http_method; content:"/amka/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791576/; classtype:trojan-activity;sid:84654676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.9.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791573/; classtype:trojan-activity;sid:84654673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791572)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"crea-v11.nightcreate.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791572/; classtype:trojan-activity;sid:84654672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.190.19.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791571/; classtype:trojan-activity;sid:84654671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.44.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791570/; classtype:trojan-activity;sid:84654670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791569)";
flow:established,from_client; content:"GET"; http_method; content:"/4sleypfak57hgubo/wslservice.mp3"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"46.149.73.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791569/; classtype:trojan-activity;sid:84654669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791567)"; flow:established,from_client; content:"GET"; http_method; content:"/4sleypfak57hgubo/messagebus.pdf"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"46.149.73.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791567/; classtype:trojan-activity;sid:84654667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791568)"; flow:established,from_client; content:"GET"; http_method; content:"/4sleypfak57hgubo/fnplicensingservice.php"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"46.149.73.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791568/; classtype:trojan-activity;sid:84654668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791566)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/certificates/geany"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"acecareer.edu"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791566/; classtype:trojan-activity;sid:84654666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791564)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/certificates/windowsupdatehelper.ps1"; http_uri; depth:49; isdataat:!1,relative; nocase; 
content:"acecareer.edu"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791564/; classtype:trojan-activity;sid:84654664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791565)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/certificates/config.ps1"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"acecareer.edu"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791565/; classtype:trojan-activity;sid:84654665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791563)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/certificates/host.ps1"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"acecareer.edu"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791563/; classtype:trojan-activity;sid:84654663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791561)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/certificates/qtum.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"acecareer.edu"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791561/; classtype:trojan-activity;sid:84654661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791562)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/certificates/acr-karimichikstrelyaet-639081475329349420.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"acecareer.edu"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, 
urlhaus.abuse.ch/url/3791562/; classtype:trojan-activity;sid:84654662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791560)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/certificates/ocher.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"acecareer.edu"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791560/; classtype:trojan-activity;sid:84654660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791559)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/certificates/hov.hta"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"acecareer.edu"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791559/; classtype:trojan-activity;sid:84654659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.0.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791558/; classtype:trojan-activity;sid:84654658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791557)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"night-mode.nightcreate.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791557/; classtype:trojan-activity;sid:84654657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791556)"; 
flow:established,from_client; content:"GET"; http_method; content:"/kfhogts"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.242.3.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791556/; classtype:trojan-activity;sid:84654656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791555)"; flow:established,from_client; content:"GET"; http_method; content:"/oqqqqoa.mp3"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.242.3.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791555/; classtype:trojan-activity;sid:84654655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791554)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"up-flow.anyutkiup.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791554/; classtype:trojan-activity;sid:84654654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791553)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"any-08.anyutkiup.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791553/; classtype:trojan-activity;sid:84654653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.190.19.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; 
reference:url, urlhaus.abuse.ch/url/3791552/; classtype:trojan-activity;sid:84654652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.0.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791551/; classtype:trojan-activity;sid:84654651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791550)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"utki-v3.anyutkiup.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791550/; classtype:trojan-activity;sid:84654650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.161.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791549/; classtype:trojan-activity;sid:84654649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.205.59.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791548/; classtype:trojan-activity;sid:84654648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791547)"; flow:established,from_client; content:"GET"; http_method; 
content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"any-up.anyutkiup.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791547/; classtype:trojan-activity;sid:84654647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791546)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"oral-net.cavalieroral.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791546/; classtype:trojan-activity;sid:84654646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791545)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cav-base.cavalieroral.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791545/; classtype:trojan-activity;sid:84654645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791544)"; flow:established,from_client; content:"GET"; http_method; content:"/25/c/img_221646.png"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"96.44.159.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791544/; classtype:trojan-activity;sid:84654644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791543)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msi/optimized_msi.png"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"msimasidownload.duckdns.org"; http_host; depth:27; isdataat:!1,relative; 
metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791543/; classtype:trojan-activity;sid:84654643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791542)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"oral-v4.cavalieroral.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791542/; classtype:trojan-activity;sid:84654642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.58.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791541/; classtype:trojan-activity;sid:84654641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.55.197.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791540/; classtype:trojan-activity;sid:84654640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.246.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791539/; classtype:trojan-activity;sid:84654639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791538)"; flow:established,from_client; 
content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cav-oral.cavalieroral.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791538/; classtype:trojan-activity;sid:84654638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791537)"; flow:established,from_client; content:"GET"; http_method; content:"/acd746d7fe8b40c7b1f8-1.0.xpi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"021.zip98d.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791537/; classtype:trojan-activity;sid:84654637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791536)"; flow:established,from_client; content:"GET"; http_method; content:"/wps_setup64.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.irbis2000.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791536/; classtype:trojan-activity;sid:84654636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791535)"; flow:established,from_client; content:"GET"; http_method; content:"/adyvot/update/raw/refs/heads/main/0urkspr63xoryra2.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791535/; classtype:trojan-activity;sid:84654635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791530)"; flow:established,from_client; content:"GET"; http_method; content:"/files/i"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"104.219.237.111"; http_host; depth:15; isdataat:!1,relative; 
metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791530/; classtype:trojan-activity;sid:84654630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791531)"; flow:established,from_client; content:"GET"; http_method; content:"/get-file.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kizarmenu.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791531/; classtype:trojan-activity;sid:84654631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791532)"; flow:established,from_client; content:"GET"; http_method; content:"/ademmartinez71-cmd/test/raw/refs/heads/main/xclient.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791532/; classtype:trojan-activity;sid:84654632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791533)"; flow:established,from_client; content:"GET"; http_method; content:"/ademmartinez71-cmd/test/refs/heads/main/xclient.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791533/; classtype:trojan-activity;sid:84654633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791534)"; flow:established,from_client; content:"GET"; http_method; content:"/adyvot/update/refs/heads/main/0urkspr63xoryra2.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791534/; classtype:trojan-activity;sid:84654634; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.206.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791529/; classtype:trojan-activity;sid:84654629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791528)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"rel-sync.lamarelativ.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791528/; classtype:trojan-activity;sid:84654628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.206.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791527/; classtype:trojan-activity;sid:84654627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.93.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791526/; classtype:trojan-activity;sid:84654626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.83.43"; 
http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791525/; classtype:trojan-activity;sid:84654625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.118.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791524/; classtype:trojan-activity;sid:84654624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791523)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"lama-v5.lamarelativ.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791523/; classtype:trojan-activity;sid:84654623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791522)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"rel-node.lamarelativ.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791522/; classtype:trojan-activity;sid:84654622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791521)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"lama-rel.lamarelativ.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791521/; classtype:trojan-activity;sid:84654621; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791520)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"salv-net.crucifionsalval.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791520/; classtype:trojan-activity;sid:84654620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.93.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791519/; classtype:trojan-activity;sid:84654619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.203.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791518/; classtype:trojan-activity;sid:84654618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791517)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"salv-unit.crucifionsalval.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791517/; classtype:trojan-activity;sid:84654617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"182.119.58.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791516/; classtype:trojan-activity;sid:84654616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791515)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cruc-base.crucifionsalval.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791515/; classtype:trojan-activity;sid:84654615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791514)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sens-track.repeatsensat.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791514/; classtype:trojan-activity;sid:84654614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791513)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"repeat-01.repeatsensat.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791513/; classtype:trojan-activity;sid:84654613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791512)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sens-v2.repeatsensat.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791512/; 
classtype:trojan-activity;sid:84654612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.146.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791511/; classtype:trojan-activity;sid:84654611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791510)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791510/; classtype:trojan-activity;sid:84654610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791509)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791509/; classtype:trojan-activity;sid:84654609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791501)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791501/; classtype:trojan-activity;sid:84654601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791502)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; 
nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791502/; classtype:trojan-activity;sid:84654602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791503)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791503/; classtype:trojan-activity;sid:84654603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791504)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791504/; classtype:trojan-activity;sid:84654604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791505)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791505/; classtype:trojan-activity;sid:84654605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791506)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791506/; classtype:trojan-activity;sid:84654606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3791507)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791507/; classtype:trojan-activity;sid:84654607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791508)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791508/; classtype:trojan-activity;sid:84654608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791499)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791499/; classtype:trojan-activity;sid:84654599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791500)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791500/; classtype:trojan-activity;sid:84654600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791498)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6624765280/0nwzywk.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2026_03_07; reference:url, urlhaus.abuse.ch/url/3791498/; classtype:trojan-activity;sid:84654598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.254.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791497/; classtype:trojan-activity;sid:84654597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.138.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791496/; classtype:trojan-activity;sid:84654596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.138.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791495/; classtype:trojan-activity;sid:84654595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791494)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"repeat-hub.repeatsensat.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791494/; classtype:trojan-activity;sid:84654594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791493)"; flow:established,from_client; content:"GET"; 
http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.143.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791493/; classtype:trojan-activity;sid:84654593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.216.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791492/; classtype:trojan-activity;sid:84654592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.216.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791491/; classtype:trojan-activity;sid:84654591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.203.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791490/; classtype:trojan-activity;sid:84654590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.100.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791489/; classtype:trojan-activity;sid:84654589; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.254.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791488/; classtype:trojan-activity;sid:84654588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.15.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791487/; classtype:trojan-activity;sid:84654587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.27.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791486/; classtype:trojan-activity;sid:84654586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791485)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"b-node.freebspirit.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791485/; classtype:trojan-activity;sid:84654585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791483)"; flow:established,from_client; content:"GET"; http_method; 
content:"/shura-gh0st69/peer_hire_hackhazards_25/raw/refs/heads/main/smart_contracts/contracts/utils/hire-peer-hackhazards-3.3-beta.5.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791483/; classtype:trojan-activity;sid:84654583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791484)"; flow:established,from_client; content:"GET"; http_method; content:"/shura-gh0st69/peer_hire_hackhazards_25/refs/heads/main/smart_contracts/contracts/utils/hire-peer-hackhazards-3.3-beta.5.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791484/; classtype:trojan-activity;sid:84654584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.146.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791482/; classtype:trojan-activity;sid:84654582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791480)"; flow:established,from_client; content:"GET"; http_method; content:"/argadia38/lampa-client/raw/refs/heads/main/eridanid/lamp_client_v2.8.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791480/; classtype:trojan-activity;sid:84654580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791481)"; flow:established,from_client; 
content:"GET"; http_method; content:"/argadia38/lampa-client/refs/heads/main/eridanid/lamp_client_v2.8.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791481/; classtype:trojan-activity;sid:84654581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791478)"; flow:established,from_client; content:"GET"; http_method; content:"/thesigma10/revbshell/refs/heads/main/ko/software-1.6-beta.2.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791478/; classtype:trojan-activity;sid:84654578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791479)"; flow:established,from_client; content:"GET"; http_method; content:"/thesigma10/revbshell/raw/refs/heads/main/ko/software-1.6-beta.2.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791479/; classtype:trojan-activity;sid:84654579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.127.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791477/; classtype:trojan-activity;sid:84654577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791476)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; 
isdataat:!1,relative; nocase; content:"free-spirit.freebspirit.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791476/; classtype:trojan-activity;sid:84654576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.151.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791475/; classtype:trojan-activity;sid:84654575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.151.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791474/; classtype:trojan-activity;sid:84654574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791472)"; flow:established,from_client; content:"GET"; http_method; content:"/skardavid86/rpc/raw/refs/heads/main/packet/1.txt"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791472/; classtype:trojan-activity;sid:84654572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791473)"; flow:established,from_client; content:"GET"; http_method; content:"/skardavid86/rpc/refs/heads/main/packet/1.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791473/; 
classtype:trojan-activity;sid:84654573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.7.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791471/; classtype:trojan-activity;sid:84654571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.100.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791470/; classtype:trojan-activity;sid:84654570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791469)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"norflux0os.starfield.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791469/; classtype:trojan-activity;sid:84654569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.7.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791468/; classtype:trojan-activity;sid:84654568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791467)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; 
isdataat:!1,relative; nocase; content:"norvenen9.ironcrest.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791467/; classtype:trojan-activity;sid:84654567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.27.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791465/; classtype:trojan-activity;sid:84654565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.69.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791464/; classtype:trojan-activity;sid:84654564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791463)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"opticspower.ironcrest.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791463/; classtype:trojan-activity;sid:84654563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.95.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791462/; classtype:trojan-activity;sid:84654562; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791461)"; flow:established,from_client; content:"GET"; http_method; content:"/nobo8/roblox-macro-v3.0.0/raw/refs/heads/main/language/macr_roblo_v3.0-beta.5.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791461/; classtype:trojan-activity;sid:84654561; rev:1;)
# NOTE(review): the rules in this group match http_host "github.com" or
# "raw.githubusercontent.com" under `alert http`, i.e. on decoded HTTP only.
# These hosts are normally fetched over HTTPS, so the rules presumably fire
# only on a plaintext request or where TLS is decrypted ahead of the sensor.
# Confirm sensor placement; for TLS-only paths, cover the same URLs with
# proxy or endpoint telemetry that records the full URL.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791460)"; flow:established,from_client; content:"GET"; http_method; content:"/nobo8/roblox-macro-v3.0.0/main/language/macr_roblo_v3.0-beta.5.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791460/; classtype:trojan-activity;sid:84654560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791459)"; flow:established,from_client; content:"GET"; http_method; content:"/alhayaza/codex-roblox/raw/refs/heads/main/pietism/roblox_codex_v2.8-alpha.1.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791459/; classtype:trojan-activity;sid:84654559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791458)"; flow:established,from_client; content:"GET"; http_method; content:"/alhayaza/codex-roblox/refs/heads/main/pietism/roblox_codex_v2.8-alpha.1.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791458/; classtype:trojan-activity;sid:84654558; rev:1;)
alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.240.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791457/; classtype:trojan-activity;sid:84654557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791456)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ultraautumn.ironcrest.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791456/; classtype:trojan-activity;sid:84654556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791455)"; flow:established,from_client; content:"GET"; http_method; content:"/ounissi-meriem/axon/raw/refs/heads/main/src/core/software-v1.8.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791455/; classtype:trojan-activity;sid:84654555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791454)"; flow:established,from_client; content:"GET"; http_method; content:"/ounissi-meriem/axon/main/src/core/software-v1.8.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791454/; classtype:trojan-activity;sid:84654554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791453)"; flow:established,from_client; content:"GET"; 
http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.135.206.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791453/; classtype:trojan-activity;sid:84654553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791451)"; flow:established,from_client; content:"GET"; http_method; content:"/hydrangeapaniculatabokchoi171/basic-injecting-code-to-roblox-process/refs/heads/main/guarrau/roblox_code_basic_to_process_injecting_3.7.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791451/; classtype:trojan-activity;sid:84654551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791452)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"bytebin.ironcrest.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791452/; classtype:trojan-activity;sid:84654552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791450)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mora-branch.oakridge.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791450/; classtype:trojan-activity;sid:84654550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"110.36.23.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791449/; classtype:trojan-activity;sid:84654549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.124.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791448/; classtype:trojan-activity;sid:84654548; rev:1;)
# NOTE(review): the next two rules (sid 84654547 and sid 84654546) have
# identical match options: GET, URI "/verification.google", host
# "scriptsprout.oakridge.in.net". A single matching request therefore raises
# two alerts. The two URLhaus entries presumably differ in a URL component
# these rules do not test (scheme or port) - confirm against the references
# and suppress or threshold one sid when tuning alert volume.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791447)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"scriptsprout.oakridge.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791447/; classtype:trojan-activity;sid:84654547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791446)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"scriptsprout.oakridge.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791446/; classtype:trojan-activity;sid:84654546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.104.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791445/; classtype:trojan-activity;sid:84654545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3791444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.26.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791444/; classtype:trojan-activity;sid:84654544; rev:1;)
# NOTE(review): how these rules match. In each rule `depth` equals the length
# of the preceding content string and `isdataat:!1,relative` requires that no
# byte follows the match, so the URI and Host buffers must equal the listed
# strings exactly (`nocase` makes the URI comparison case-insensitive).
# These are exact-URL indicators, not path patterns: the same host serving a
# different path, or presumably the same path with a query string appended,
# does not alert. Treat a hit as high-confidence and a miss as no evidence of
# absence; pair with host/IP reputation for broader coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.69.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791443/; classtype:trojan-activity;sid:84654543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.34.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791442/; classtype:trojan-activity;sid:84654542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.158.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791441/; classtype:trojan-activity;sid:84654541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791440)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"smarttrue.oakridge.in.net"; http_host; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791440/; classtype:trojan-activity;sid:84654540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.12.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791439/; classtype:trojan-activity;sid:84654539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.195.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791438/; classtype:trojan-activity;sid:84654538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.135.206.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791437/; classtype:trojan-activity;sid:84654537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.33.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791436/; classtype:trojan-activity;sid:84654536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791435)"; flow:established,from_client; content:"GET"; http_method; 
content:"/files/rdx/random.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791435/; classtype:trojan-activity;sid:84654535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.23.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791434/; classtype:trojan-activity;sid:84654534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.26.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791433/; classtype:trojan-activity;sid:84654533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791432)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hyper-rap1d.lakecrest.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791432/; classtype:trojan-activity;sid:84654532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.235.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791431/; 
classtype:trojan-activity;sid:84654531; rev:1;)
# ---------------------------------------------------------------------------
# Notes for the rules below (laid out one rule per line; all share one shape).
#
# Match logic
#   * `alert http $HOME_NET any -> $EXTERNAL_NET any` together with
#     `flow:established,from_client`: outbound client requests only.
#   * `content:"GET"; http_method;`: only GET requests are considered.
#   * The URI and the Host are exact matches. `depth` equals the length of the
#     content string (anchors the start of the buffer) and
#     `isdataat:!1,relative` requires that no byte follows the match (anchors
#     the end). `nocase` follows the http_uri content, so the path comparison
#     is case-insensitive.
#   * Consequence: the same path with anything appended (for example a query
#     string) does not match, and the host is compared against the HTTP Host
#     value, not against the destination address of the connection.
#
# Coverage caveats worth knowing before relying on an alert (or its absence)
#   * These are `http` rules, so they only see requests the sensor can parse as
#     HTTP. The github.com / raw.githubusercontent.com entries are presumably
#     fetched over HTTPS in practice; if so they fire only where TLS is
#     decrypted ahead of the sensor. NOTE(review): confirm against the URLhaus
#     entry given in each rule's `reference`.
#   * For those GitHub entries the repository path is the indicator; the host
#     on its own is a shared hosting platform.
#   * The `/verification.google` entries pin one `*.in.net` host per rule, so a
#     host that is not listed here is not covered by these rules.
#   * The `/i`, `/bin.sh` and `/x86_64` entries use short paths on IP-literal
#     hosts; the Host pin is what keeps them specific. Several addresses occur
#     in both an `/i` and a `/bin.sh` rule (110.37.20.126 is one).
#
# Bookkeeping
#   * The number in `msg` is the URLhaus URL id and is repeated in `reference`.
#   * In every rule visible here, sid = URLhaus id + 80863100; keep local SIDs
#     out of that range.
#   * All rules here carry `metadata:created_at 2026_03_07` and `rev:1`; treat
#     them as point-in-time indicators and refresh the feed regularly.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791430)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"medi3-graph.lakecrest.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791430/; classtype:trojan-activity;sid:84654530; rev:1;)
# GitHub-hosted archive: exact repository path on raw.githubusercontent.com / github.com (see the HTTPS caveat above).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791428)"; flow:established,from_client; content:"GET"; http_method; content:"/nasernazem/tinjector_symbi/refs/heads/master/stub/injector_symbi_t_v3.3.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791428/; classtype:trojan-activity;sid:84654528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791429)"; flow:established,from_client; content:"GET"; http_method; content:"/nasernazem/tinjector_symbi/raw/refs/heads/master/stub/injector_symbi_t_v3.3.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791429/; classtype:trojan-activity;sid:84654529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.195.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791427/; classtype:trojan-activity;sid:84654527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.20.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791425/; classtype:trojan-activity;sid:84654525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.195.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791426/; classtype:trojan-activity;sid:84654526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791424)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"veltideis.lakecrest.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791424/; classtype:trojan-activity;sid:84654524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.158.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791423/; classtype:trojan-activity;sid:84654523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791422)"; flow:established,from_client; content:"GET"; http_method; content:"/weedgirl08/roblox-scripts/raw/refs/heads/main/terrifyingly/roblox_scripts_2.0.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791422/; classtype:trojan-activity;sid:84654522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791420)"; flow:established,from_client; content:"GET"; http_method; content:"/weedgirl08/roblox-scripts/refs/heads/main/terrifyingly/roblox_scripts_2.0.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791420/; classtype:trojan-activity;sid:84654520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791421)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"e66c3.lakecrest.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791421/; classtype:trojan-activity;sid:84654521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791419)"; flow:established,from_client; content:"GET"; http_method; content:"/yurism123/rbxfpsunlocker/raw/refs/heads/main/puppetman/software_1.4-beta.3.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791419/; classtype:trojan-activity;sid:84654519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791418)"; flow:established,from_client; content:"GET"; http_method; content:"/yurism123/rbxfpsunlocker/main/puppetman/software_1.4-beta.3.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791418/; classtype:trojan-activity;sid:84654518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.33.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791417/; classtype:trojan-activity;sid:84654517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791416)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"fernsecur.windfield.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791416/; classtype:trojan-activity;sid:84654516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.84.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791415/; classtype:trojan-activity;sid:84654515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.20.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791414/; classtype:trojan-activity;sid:84654514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791413)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sens0-core.windfield.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791413/; classtype:trojan-activity;sid:84654513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.202.64.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791412/; classtype:trojan-activity;sid:84654512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791411)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"route-spa.windfield.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791411/; classtype:trojan-activity;sid:84654511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.195.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791410/; classtype:trojan-activity;sid:84654510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791409)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cora-clu.stonefield.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791409/; classtype:trojan-activity;sid:84654509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.235.242.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791408/; classtype:trojan-activity;sid:84654508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791407)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"formalcraft.stonefield.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791407/; classtype:trojan-activity;sid:84654507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.89.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791406/; classtype:trojan-activity;sid:84654506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.202.64.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791405/; classtype:trojan-activity;sid:84654505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.91.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791404/; classtype:trojan-activity;sid:84654504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791403)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"jqicypl.stonefield.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791403/; classtype:trojan-activity;sid:84654503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791402)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"fallshie.stonefield.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791402/; classtype:trojan-activity;sid:84654502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791401)"; flow:established,from_client; content:"GET"; http_method; content:"/launcher.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"azuro.pro"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791401/; classtype:trojan-activity;sid:84654501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791400)"; flow:established,from_client; content:"GET"; http_method; content:"/bluexxim/fivem-spoofer/refs/heads/main/cfxbypass.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791400/; classtype:trojan-activity;sid:84654500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791399)"; flow:established,from_client; content:"GET"; http_method; content:"/bluexxim/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791399/; classtype:trojan-activity;sid:84654499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791398)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"alt-cor3.darkridge.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791398/; classtype:trojan-activity;sid:84654498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791396)"; flow:established,from_client; content:"GET"; http_method; content:"/chesst1s/silentum-spoofer/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791396/; classtype:trojan-activity;sid:84654496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791397)"; flow:established,from_client; content:"GET"; http_method; content:"/chesst1s/silentum-spoofer/raw/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791397/; classtype:trojan-activity;sid:84654497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.89.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791395/; classtype:trojan-activity;sid:84654495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791394)"; flow:established,from_client; content:"GET"; http_method; content:"/b1tcherss/fivem-spoofer/refs/heads/main/cfxbypass.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791394/; classtype:trojan-activity;sid:84654494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791393)"; flow:established,from_client; content:"GET"; http_method; content:"/b1tcherss/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791393/; classtype:trojan-activity;sid:84654493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791392)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tintttw.darkridge.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791392/; classtype:trojan-activity;sid:84654492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791391)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"min0r-stream.darkridge.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791391/; classtype:trojan-activity;sid:84654491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.118.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791390/; classtype:trojan-activity;sid:84654490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.221.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791389/; classtype:trojan-activity;sid:84654489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.165.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791388/; classtype:trojan-activity;sid:84654488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.73.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791387/; classtype:trojan-activity;sid:84654487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.235.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791386/; classtype:trojan-activity;sid:84654486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791385)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.23.205.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791385/; classtype:trojan-activity;sid:84654485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791384)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vvest-route.darkridge.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791384/; classtype:trojan-activity;sid:84654484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.69.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791383/; classtype:trojan-activity;sid:84654483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791382)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"5ync4-loop.goldridge.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791382/; classtype:trojan-activity;sid:84654482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791381)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"alignion.goldridge.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791381/; classtype:trojan-activity;sid:84654481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791380)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"udfu.goldridge.in.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791380/; classtype:trojan-activity;sid:84654480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.126.86.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791379/; classtype:trojan-activity;sid:84654479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.83.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791378/; classtype:trojan-activity;sid:84654478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.148.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791377/; classtype:trojan-activity;sid:84654477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791376)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"drifstac.bluecrest.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791376/; classtype:trojan-activity;sid:84654476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.15.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791375/; classtype:trojan-activity;sid:84654475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.168.219.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791374/; classtype:trojan-activity;sid:84654474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791373)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ship-spark.redcrest.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791373/; classtype:trojan-activity;sid:84654473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.110.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791372/; classtype:trojan-activity;sid:84654472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.126.86.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791371/; classtype:trojan-activity;sid:84654471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.252.174.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791370/; classtype:trojan-activity;sid:84654470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.15.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791369/; classtype:trojan-activity;sid:84654469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.186.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791368/; classtype:trojan-activity;sid:84654468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.37.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791367/; classtype:trojan-activity;sid:84654467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.80.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791366/; classtype:trojan-activity;sid:84654466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.168.219.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791365/; classtype:trojan-activity;sid:84654465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791364)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.27.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791364/; classtype:trojan-activity;sid:84654464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.255.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791362/; classtype:trojan-activity;sid:84654462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.59.129.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791363/; classtype:trojan-activity;sid:84654463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791361)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"crafshi.getreplay.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791361/; classtype:trojan-activity;sid:84654461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791360)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"geneexp.getreplay.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791360/; classtype:trojan-activity;sid:84654460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.37.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791359/; classtype:trojan-activity;sid:84654459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791358)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"73rgwdew.getreplay.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791358/; classtype:trojan-activity;sid:84654458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.109.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791357/; classtype:trojan-activity;sid:84654457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.90.78"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791356/; classtype:trojan-activity;sid:84654456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.80.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791355/; classtype:trojan-activity;sid:84654455; rev:1;)
# ---------------------------------------------------------------------------
# Rules in this run (one rule per line) are exact-URL matches on outbound GET
# requests: for both the URI and the Host, `depth` equals the length of the
# content string and `isdataat:!1,relative` requires that nothing follows it.
# `nocase` follows the http_uri content, so only the path is compared
# case-insensitively.
#
# Triage notes:
#   * The host is compared against the HTTP Host value, not the destination
#     address, and a path with anything appended (such as a query string) does
#     not match.
#   * `/i` and `/bin.sh` are short paths; the pinned IP-literal host is what
#     keeps each rule specific. Some addresses appear with both paths
#     (112.93.201.229 is one).
#   * The `/verification.google` entries pin one `*.caseoptional.in.net` host
#     per rule; hosts not listed are not covered by these rules.
#   * The number in `msg` is the URLhaus URL id repeated in `reference`; in the
#     rules visible here sid = URLhaus id + 80863100.
#   * All entries carry `metadata:created_at 2026_03_07` and `rev:1`: treat
#     them as point-in-time indicators.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.255.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791354/; classtype:trojan-activity;sid:84654454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.59.129.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791353/; classtype:trojan-activity;sid:84654453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.201.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791352/; classtype:trojan-activity;sid:84654452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791350)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"neo-5ound.caseoptional.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791350/; classtype:trojan-activity;sid:84654450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.91.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791351/; classtype:trojan-activity;sid:84654451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.251.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791349/; classtype:trojan-activity;sid:84654449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.80.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791348/; classtype:trojan-activity;sid:84654448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.28.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791347/; classtype:trojan-activity;sid:84654447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.201.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791346/; classtype:trojan-activity;sid:84654446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791345)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"passiveasset.caseoptional.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791345/; classtype:trojan-activity;sid:84654445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.181.225.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791344/; classtype:trojan-activity;sid:84654444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.109.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791343/; classtype:trojan-activity;sid:84654443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.28.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791342/; classtype:trojan-activity;sid:84654442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.237.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791341/; classtype:trojan-activity;sid:84654441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.245.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791340/; classtype:trojan-activity;sid:84654440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.80.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791339/; classtype:trojan-activity;sid:84654439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.237.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791338/; classtype:trojan-activity;sid:84654438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.172.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791337/; classtype:trojan-activity;sid:84654437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791335)"; flow:established,from_client; content:"GET"; http_method; 
content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=qmolvibgcisorqtf"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"0a6nq1j0.budenowcvolt.digital"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791335/; classtype:trojan-activity;sid:84654435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791336)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"trispireum7.dancingvck.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791336/; classtype:trojan-activity;sid:84654436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791334)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8468794285/ibc1oe9.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791334/; classtype:trojan-activity;sid:84654434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"67.20.225.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791332/; classtype:trojan-activity;sid:84654432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.195.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; 
reference:url, urlhaus.abuse.ch/url/3791333/; classtype:trojan-activity;sid:84654433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.245.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791330/; classtype:trojan-activity;sid:84654430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.221.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791331/; classtype:trojan-activity;sid:84654431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791329)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cargo9-stack.dancingvck.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791329/; classtype:trojan-activity;sid:84654429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791328)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"stone3-lab.dancingvck.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791328/; classtype:trojan-activity;sid:84654428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791327)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.172.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791327/; classtype:trojan-activity;sid:84654427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.112.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791326/; classtype:trojan-activity;sid:84654426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791325)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"pifn62.dancingvck.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791325/; classtype:trojan-activity;sid:84654425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.93.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791324/; classtype:trojan-activity;sid:84654424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.126.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791323/; 
classtype:trojan-activity;sid:84654423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.172.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791322/; classtype:trojan-activity;sid:84654422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791319)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.121.84.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791319/; classtype:trojan-activity;sid:84654419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791320)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.84.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791320/; classtype:trojan-activity;sid:84654420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791321)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.141.148.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791321/; classtype:trojan-activity;sid:84654421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791317)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; 
content:"87.121.84.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791317/; classtype:trojan-activity;sid:84654417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791318)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.141.148.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791318/; classtype:trojan-activity;sid:84654418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791316)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.84.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791316/; classtype:trojan-activity;sid:84654416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791306)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.141.148.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791306/; classtype:trojan-activity;sid:84654406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791307)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.141.148.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791307/; classtype:trojan-activity;sid:84654407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3791308)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.141.148.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791308/; classtype:trojan-activity;sid:84654408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791309)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.141.148.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791309/; classtype:trojan-activity;sid:84654409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791310)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.141.148.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791310/; classtype:trojan-activity;sid:84654410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791311)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.141.148.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791311/; classtype:trojan-activity;sid:84654411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791312)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.141.148.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, 
urlhaus.abuse.ch/url/3791312/; classtype:trojan-activity;sid:84654412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791313)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.141.148.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791313/; classtype:trojan-activity;sid:84654413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791314)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.141.148.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791314/; classtype:trojan-activity;sid:84654414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791315)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.141.148.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791315/; classtype:trojan-activity;sid:84654415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791303)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.121.84.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791303/; classtype:trojan-activity;sid:84654403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791304)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; 
depth:5; isdataat:!1,relative; nocase; content:"87.121.84.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791304/; classtype:trojan-activity;sid:84654404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791305)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.84.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791305/; classtype:trojan-activity;sid:84654405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791302)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kla.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"196.251.107.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791302/; classtype:trojan-activity;sid:84654402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.2.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791301/; classtype:trojan-activity;sid:84654401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791300)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mh738ng0.reinsurunrock.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791300/; classtype:trojan-activity;sid:84654400; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.112.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791299/; classtype:trojan-activity;sid:84654399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.172.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791298/; classtype:trojan-activity;sid:84654398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.126.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791297/; classtype:trojan-activity;sid:84654397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.8.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791296/; classtype:trojan-activity;sid:84654396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791295)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"n3ural-mark.draniercismn.in.net"; http_host; depth:31; 
isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791295/; classtype:trojan-activity;sid:84654395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.118.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791294/; classtype:trojan-activity;sid:84654394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.107.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791293/; classtype:trojan-activity;sid:84654393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.40.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791292/; classtype:trojan-activity;sid:84654392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.233.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791291/; classtype:trojan-activity;sid:84654391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791290)"; flow:established,from_client; content:"GET"; 
http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"coralwil.draniercismn.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791290/; classtype:trojan-activity;sid:84654390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.2.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791289/; classtype:trojan-activity;sid:84654389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.11.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791288/; classtype:trojan-activity;sid:84654388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.12.204.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791287/; classtype:trojan-activity;sid:84654387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.107.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791286/; classtype:trojan-activity;sid:84654386; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.233.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791285/; classtype:trojan-activity;sid:84654385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.224.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791284/; classtype:trojan-activity;sid:84654384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791283)"; flow:established,from_client; content:"GET"; http_method; content:"/~rhotta/hellog/upload/upl/q4brypi9wfxyaho4diyg/python312x86.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"user.keio.ac.jp"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791283/; classtype:trojan-activity;sid:84654383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791282)"; flow:established,from_client; content:"GET"; http_method; content:"/~rhotta/hellog/upload/upload.cgi|3f|get=00359"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"user.keio.ac.jp"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791282/; classtype:trojan-activity;sid:84654382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791281)"; flow:established,from_client; content:"GET"; http_method; 
content:"/3.600hnevsak.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pub-826b2258a9f74a40abe9ee543f2409a4.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791281/; classtype:trojan-activity;sid:84654381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791279)"; flow:established,from_client; content:"GET"; http_method; content:"/api/download"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.27.157.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791279/; classtype:trojan-activity;sid:84654379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791280)"; flow:established,from_client; content:"GET"; http_method; content:"/jquery.min-4.0.2.js"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"union.macoms.la"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791280/; classtype:trojan-activity;sid:84654380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791278)"; flow:established,from_client; content:"GET"; http_method; content:"/jhuytr/abcknie.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"fil.ydns.eu"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791278/; classtype:trojan-activity;sid:84654378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791276)"; flow:established,from_client; content:"GET"; http_method; content:"/tasksvc.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.92.243.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, 
urlhaus.abuse.ch/url/3791276/; classtype:trojan-activity;sid:84654376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791277)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xxx89413"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"172.94.9.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791277/; classtype:trojan-activity;sid:84654377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791271)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xxx59361"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"172.94.9.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791271/; classtype:trojan-activity;sid:84654371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791272)"; flow:established,from_client; content:"GET"; http_method; content:"/slc7jpkp/raw"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastefy.app"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791272/; classtype:trojan-activity;sid:84654372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791273)"; flow:established,from_client; content:"GET"; http_method; content:"/setup.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"tb2mod.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791273/; classtype:trojan-activity;sid:84654373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791274)"; flow:established,from_client; content:"GET"; http_method; 
content:"/20khgc26oiwefoibfuww.php"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"baraltransportes.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791274/; classtype:trojan-activity;sid:84654374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791275)"; flow:established,from_client; content:"GET"; http_method; content:"/voidrealms-1.8.9.jar"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"tb2mod.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791275/; classtype:trojan-activity;sid:84654375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791269)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique2/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791269/; classtype:trojan-activity;sid:84654369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791270)"; flow:established,from_client; content:"GET"; http_method; content:"/api/download"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"keitarocheats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791270/; classtype:trojan-activity;sid:84654370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.73.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791268/; 
classtype:trojan-activity;sid:84654368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.12.204.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791267/; classtype:trojan-activity;sid:84654367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.216.210.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791266/; classtype:trojan-activity;sid:84654366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.136.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791265/; classtype:trojan-activity;sid:84654365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.86.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791264/; classtype:trojan-activity;sid:84654364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"112.248.114.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791263/; classtype:trojan-activity;sid:84654363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.114.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791262/; classtype:trojan-activity;sid:84654362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.86.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791261/; classtype:trojan-activity;sid:84654361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.136.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791260/; classtype:trojan-activity;sid:84654360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791259)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"replay-net.putreplay.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791259/; classtype:trojan-activity;sid:84654359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3791258)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"put08.putreplay.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791258/; classtype:trojan-activity;sid:84654358; rev:1;)
# NOTE(review) sid 84654357: the URI pattern in the next rule decodes to 38 bytes
# ("/?=check|26||26|actmn=rsvbayurmrzwrojo"), but depth is 53, the length of the
# escaped text. In the neighbouring rules depth equals the pattern length; here the
# match may start up to 15 bytes into the URI, so the start is no longer anchored.
# The literal "|26|" runs also look like an already hex-escaped "&" whose pipes were
# escaped a second time. If the reported URL contains "&&", this rule cannot match it.
# Verify against the URLhaus entry, then set depth to the decoded pattern length.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791257)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=rsvbayurmrzwrojo"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"g70aw0re.bucketeuthan.digital"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791257/; classtype:trojan-activity;sid:84654357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.250.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791256/; classtype:trojan-activity;sid:84654356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.250.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791255/; classtype:trojan-activity;sid:84654355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.161.9"; 
http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791254/; classtype:trojan-activity;sid:84654354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791253)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8548282130/trp9kgi.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791253/; classtype:trojan-activity;sid:84654353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791252)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/download.php"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"us06web.zoom.us.chsh.us"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791252/; classtype:trojan-activity;sid:84654352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791251)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mod-logic.automodcompass.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791251/; classtype:trojan-activity;sid:84654351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791250)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/download.php"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.unique.hatumena.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791250/; classtype:trojan-activity;sid:84654350; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791248)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/download.php"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.zoom.kazoodle.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791248/; classtype:trojan-activity;sid:84654348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791249)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/download.php"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.zoom.bigjaco.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791249/; classtype:trojan-activity;sid:84654349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791247)"; flow:established,from_client; content:"GET"; http_method; content:"/acrobat/file/hamstra_rmm_v2.4.0.68_oid50deea8e-904c-4277-94ad-d32f00ba0060_bidi6uka5namuak6hwhpuwe5w.exe"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"adobe-viewer.0lsons.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791247/; classtype:trojan-activity;sid:84654347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791246)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/download.php"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"us06web.zoom.hiaa.us"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791246/; classtype:trojan-activity;sid:84654346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791245)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.52.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791245/; classtype:trojan-activity;sid:84654345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.6.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791244/; classtype:trojan-activity;sid:84654344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791243)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8548282130/trp9kgi.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791243/; classtype:trojan-activity;sid:84654343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.161.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791242/; classtype:trojan-activity;sid:84654342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791241)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/download.php"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"us04web.zoom.us.pacl.us"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, 
urlhaus.abuse.ch/url/3791241/; classtype:trojan-activity;sid:84654341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791240)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/download.php"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"us05web.zoom.us.vdns.us"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791240/; classtype:trojan-activity;sid:84654340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791239)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/download.php"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"us06web.zoom.patho.us"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791239/; classtype:trojan-activity;sid:84654339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791235)"; flow:established,from_client; content:"GET"; http_method; content:"/home/download.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ssa.portal.tobuy.us"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791235/; classtype:trojan-activity;sid:84654335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791236)"; flow:established,from_client; content:"GET"; http_method; content:"/home/download.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ssa.portal.eigenlicht.us"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791236/; classtype:trojan-activity;sid:84654336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791237)"; 
flow:established,from_client; content:"GET"; http_method; content:"/home/download.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"portal.ssa.s-w-a-t.us"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791237/; classtype:trojan-activity;sid:84654337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791238)"; flow:established,from_client; content:"GET"; http_method; content:"/home/download.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ssa.portal.cogitar.us"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791238/; classtype:trojan-activity;sid:84654338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.172.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791234/; classtype:trojan-activity;sid:84654334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791233)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mod-track.automodcompass.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791233/; classtype:trojan-activity;sid:84654333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.52.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 
2026_03_07; reference:url, urlhaus.abuse.ch/url/3791232/; classtype:trojan-activity;sid:84654332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791231)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/download.php"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"us06web.zoom.us.ez2.us"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791231/; classtype:trojan-activity;sid:84654331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791230)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/download.php"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"us04web.zoom.us.hmail.us"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791230/; classtype:trojan-activity;sid:84654330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791229)"; flow:established,from_client; content:"GET"; http_method; content:"/home/download.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ssa.portal.ct1.us"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791229/; classtype:trojan-activity;sid:84654329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791228)"; flow:established,from_client; content:"GET"; http_method; content:"/home/download.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ssa.portal.muratov.us"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791228/; classtype:trojan-activity;sid:84654328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3791227)"; flow:established,from_client; content:"GET"; http_method; content:"/acrobat/file/z-pro_rmm_v2.4.0.68_oid2dfc226c-298e-4e3a-8120-73635d88c97e_bid6olr7p!ncegd-xxl4mnbja.exe"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"adobe-viewer.mutluay.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791227/; classtype:trojan-activity;sid:84654327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.144.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791226/; classtype:trojan-activity;sid:84654326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791225)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"auto-compass.automodcompass.in.net"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791225/; classtype:trojan-activity;sid:84654325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.27.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791224/; classtype:trojan-activity;sid:84654324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"117.220.79.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791223/; classtype:trojan-activity;sid:84654323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.53.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791222/; classtype:trojan-activity;sid:84654322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.229.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791221/; classtype:trojan-activity;sid:84654321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791220)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/mips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"156.229.164.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791220/; classtype:trojan-activity;sid:84654320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791217)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/x86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.229.164.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791217/; classtype:trojan-activity;sid:84654317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3791218)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/mpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"156.229.164.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791218/; classtype:trojan-activity;sid:84654318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791219)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/teleport"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"156.229.164.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791219/; classtype:trojan-activity;sid:84654319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.144.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791216/; classtype:trojan-activity;sid:84654316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791215)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ional-sync.nasotoptional.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791215/; classtype:trojan-activity;sid:84654315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791214)"; flow:established,from_client; content:"GET"; http_method; content:"/acrobat/file/pro_rmm_v2.4.0.68_oid1524eda9-e102-474d-8c72-5dc11f4d9b0a_fidwssv8saqfeid32u5j1fn8q.exe"; http_uri; depth:101; isdataat:!1,relative; nocase; 
content:"file-viewer.alcapps.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791214/; classtype:trojan-activity;sid:84654314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791213)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/download.php"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"us06web.zoom.us.tobuy.us"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791213/; classtype:trojan-activity;sid:84654313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791212)"; flow:established,from_client; content:"GET"; http_method; content:"/acrobat/file/zoom_rmm_v2.4.0.68_oid32c9ba59-68df-4a50-9e7c-1a07b2ac80d9_bidbqkhspyv9e2shdgskyru0g.exe"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"adobe-viewer.iziliang.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791212/; classtype:trojan-activity;sid:84654312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.167.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791211/; classtype:trojan-activity;sid:84654311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791210)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.230.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791210/; 
classtype:trojan-activity;sid:84654310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.185.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791209/; classtype:trojan-activity;sid:84654309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791208)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/download.php"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"us05web.zoom.us.1ax.us"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791208/; classtype:trojan-activity;sid:84654308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791207)"; flow:established,from_client; content:"GET"; http_method; content:"/acrobat/file/pro_rmm_v2.4.0.68_oidf2c0c91d-dfcd-4480-ab33-273bdee33c5f_fidhwknyist4ek3zdgqhkgtmq.exe"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"adobe-viewer.parallelsw.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791207/; classtype:trojan-activity;sid:84654307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791206)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/download.php"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"us04web.zoom.us.3cm.us"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791206/; classtype:trojan-activity;sid:84654306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3791204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.6.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791204/; classtype:trojan-activity;sid:84654304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.167.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791205/; classtype:trojan-activity;sid:84654305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.14.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791202/; classtype:trojan-activity;sid:84654302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.124.133.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791203/; classtype:trojan-activity;sid:84654303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.14.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791201/; 
classtype:trojan-activity;sid:84654301; rev:1;)
# --- reviewer notes on the entries below ---
# Each rule pairs one request path with one Host value from a single URLhaus
# submission. In every rule shown here, depth equals the pattern length and is
# followed by isdataat:!1,relative, so the inspected buffer must hold exactly that
# pattern: a request that adds anything to the path (e.g. an appended query string)
# or uses a different Host value does not match. nocase follows the URI pattern
# only; the Host patterns are written in lowercase.
# Paths such as "/i", "/bin.sh" and "/verification.google" recur under many hosts,
# so the Host value carries the specificity. For bare-IP hosts, check created_at and
# the referenced URLhaus entry when triaging, since an address can change hands.
# Rules are limited to GET over plain HTTP from $HOME_NET to $EXTERNAL_NET; the same
# URL fetched over TLS is outside what they inspect unless it is decrypted upstream.
# In the rules shown here, sid is the URLhaus id plus 80863100 (e.g. 3791200 -> 84654300).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791200)"; flow:established,from_client; content:"GET"; http_method; content:"/acrobat/file/start_rmm_v2.4.0.68_oida1ecb191-39b6-4334-8f63-2cb6c5385be6_bidq2uaaqj91kmiakbimdyjmw.exe"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"file-viewer.detprod.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791200/; classtype:trojan-activity;sid:84654300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791199)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ional-hub.nasotoptional.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791199/; classtype:trojan-activity;sid:84654299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791198)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"lent-net.chopexcellent.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791198/; classtype:trojan-activity;sid:84654298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.31.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791197/; classtype:trojan-activity;sid:84654297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.124.133.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791196/; classtype:trojan-activity;sid:84654296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.181.225.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791195/; classtype:trojan-activity;sid:84654295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.233.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791194/; classtype:trojan-activity;sid:84654294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.80.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791193/; classtype:trojan-activity;sid:84654293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791192)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8468794285/5vrodfe.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791192/; classtype:trojan-activity;sid:84654292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791191)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.47.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791191/; classtype:trojan-activity;sid:84654291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.84.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791190/; classtype:trojan-activity;sid:84654290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791189)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dance-v9.dancingvcr.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791189/; classtype:trojan-activity;sid:84654289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791188)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vcr-logic.dancingvcr.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791188/; classtype:trojan-activity;sid:84654288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.233.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791187/; classtype:trojan-activity;sid:84654287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791186)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"move-node.dancingvcr.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791186/; classtype:trojan-activity;sid:84654286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.47.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791185/; classtype:trojan-activity;sid:84654285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.29.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791184/; classtype:trojan-activity;sid:84654284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.29.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791183/; classtype:trojan-activity;sid:84654283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.165.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791182/; classtype:trojan-activity;sid:84654282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.86.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791181/; classtype:trojan-activity;sid:84654281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791180)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dance-vcr.dancingvcr.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791180/; classtype:trojan-activity;sid:84654280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.164.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791179/; classtype:trojan-activity;sid:84654279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.227.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791178/; classtype:trojan-activity;sid:84654278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791177)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sur-sync.reinsurundock.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791177/; classtype:trojan-activity;sid:84654277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.127.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791176/; classtype:trojan-activity;sid:84654276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.15.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791175/; classtype:trojan-activity;sid:84654275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791174)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"rein-v44.reinsurundock.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791174/; classtype:trojan-activity;sid:84654274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791173)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sur-vault.reinsurundock.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791173/; classtype:trojan-activity;sid:84654273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.164.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791172/; classtype:trojan-activity;sid:84654272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791171)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"rein-dock.reinsurundock.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791171/; classtype:trojan-activity;sid:84654271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.227.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791170/; classtype:trojan-activity;sid:84654270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.10.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791169/; classtype:trojan-activity;sid:84654269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791168)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cism-flow.draniercism.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791168/; classtype:trojan-activity;sid:84654268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791167)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dran02.draniercism.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791167/; classtype:trojan-activity;sid:84654267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791166)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cism-base.draniercism.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791166/; classtype:trojan-activity;sid:84654266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791165)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dran-optic.draniercism.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791165/; classtype:trojan-activity;sid:84654265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.10.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791164/; classtype:trojan-activity;sid:84654264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.93.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791163/; classtype:trojan-activity;sid:84654263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.53.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791162/; classtype:trojan-activity;sid:84654262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.93.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791161/; classtype:trojan-activity;sid:84654261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791160)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"petun-data.albanianpetun.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791160/; classtype:trojan-activity;sid:84654260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791159)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"petun-sys.albanianpetun.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791159/; classtype:trojan-activity;sid:84654259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.0.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791158/; classtype:trojan-activity;sid:84654258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.0.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791157/; classtype:trojan-activity;sid:84654257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.30.2"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791156/; classtype:trojan-activity;sid:84654256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.78.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791155/; classtype:trojan-activity;sid:84654255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791154)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"pres-mode.horspresence.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791154/; classtype:trojan-activity;sid:84654254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.118.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791153/; classtype:trojan-activity;sid:84654253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.41.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791152/; classtype:trojan-activity;sid:84654252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791151)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6902778688/uxqfunw.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791151/; classtype:trojan-activity;sid:84654251; rev:1;)
# Nine consecutive entries for host 196.251.107.133 differ only in the file name under
# /bins/ (parm, parm5, parm6, parm7, pmips, pmpsl, pm68k, psh4, px86).
# NOTE(review): the suffixes look like CPU architecture names — presumably
# per-architecture builds; confirm against the referenced URLhaus entries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791149)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.107.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791149/; classtype:trojan-activity;sid:84654249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791150)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.107.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791150/; classtype:trojan-activity;sid:84654250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791146)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.107.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791146/; classtype:trojan-activity;sid:84654246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791147)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.107.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791147/; classtype:trojan-activity;sid:84654247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791148)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.107.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791148/; classtype:trojan-activity;sid:84654248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791145)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.107.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791145/; classtype:trojan-activity;sid:84654245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791142)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.107.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791142/; classtype:trojan-activity;sid:84654242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791143)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.107.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791143/; classtype:trojan-activity;sid:84654243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791144)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.107.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791144/; classtype:trojan-activity;sid:84654244; rev:1;)
# Entries from here to the end of this section carry created_at 2026_03_06
# (the complete rules above it in this section: 2026_03_07).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.48.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791141/; classtype:trojan-activity;sid:84654241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791140)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"woo-sync.gadowooing.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791140/; classtype:trojan-activity;sid:84654240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.48.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791139/; classtype:trojan-activity;sid:84654239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791138)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"gadow-v12.gadowooing.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791138/; classtype:trojan-activity;sid:84654238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791137)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"woo-point.gadowooing.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791137/; classtype:trojan-activity;sid:84654237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.55.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791136/; classtype:trojan-activity;sid:84654236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.41.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791135/; classtype:trojan-activity;sid:84654235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.96.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791134/; classtype:trojan-activity;sid:84654234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.170.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791133/; classtype:trojan-activity;sid:84654233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.55.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791132/; classtype:trojan-activity;sid:84654232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791131)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sanct-v1.sanctunputer.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791131/; classtype:trojan-activity;sid:84654231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.1.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791130/; classtype:trojan-activity;sid:84654230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.1.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791129/; classtype:trojan-activity;sid:84654229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.13.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791128/; classtype:trojan-activity;sid:84654228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.194.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791127/; classtype:trojan-activity;sid:84654227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791126)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"put-vault.sanctunputer.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791126/; classtype:trojan-activity;sid:84654226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.170.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791125/; classtype:trojan-activity;sid:84654225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.250.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791124/; classtype:trojan-activity;sid:84654224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.148.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791123/; classtype:trojan-activity;sid:84654223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.37.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791122/; classtype:trojan-activity;sid:84654222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791121)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"intest-v9.intesttop.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791121/; classtype:trojan-activity;sid:84654221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.194.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791120/; classtype:trojan-activity;sid:84654220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.250.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791119/; classtype:trojan-activity;sid:84654219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.13.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791118/; classtype:trojan-activity;sid:84654218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791117)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"test-top.intesttop.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791117/; classtype:trojan-activity;sid:84654217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.148.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791116/; classtype:trojan-activity;sid:84654216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.87.216.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791115/; classtype:trojan-activity;sid:84654215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.102.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791114/; classtype:trojan-activity;sid:84654214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.245.226.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791113/; classtype:trojan-activity;sid:84654213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.151.156.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791112/; classtype:trojan-activity;sid:84654212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.118.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791111/; classtype:trojan-activity;sid:84654211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791110)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tank05.representtank.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791110/; classtype:trojan-activity;sid:84654210; rev:1;)
alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.112.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791109/; classtype:trojan-activity;sid:84654209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.118.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791108/; classtype:trojan-activity;sid:84654208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791107)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tank-gate.representtank.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791107/; classtype:trojan-activity;sid:84654207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.216.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791106/; classtype:trojan-activity;sid:84654206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.245.226.151"; http_host; depth:15; 
isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791105/; classtype:trojan-activity;sid:84654205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.69.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791104/; classtype:trojan-activity;sid:84654204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.151.156.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791103/; classtype:trojan-activity;sid:84654203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791102)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"rich-flow.minenrichment.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791102/; classtype:trojan-activity;sid:84654202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.25.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791101/; classtype:trojan-activity;sid:84654201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791099)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.112.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791099/; classtype:trojan-activity;sid:84654199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.25.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791100/; classtype:trojan-activity;sid:84654200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791098)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mine08.minenrichment.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791098/; classtype:trojan-activity;sid:84654198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791097)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1797567872/w6ubu3m.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791097/; classtype:trojan-activity;sid:84654197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.168.50.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, 
urlhaus.abuse.ch/url/3791096/; classtype:trojan-activity;sid:84654196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.89.61.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791095/; classtype:trojan-activity;sid:84654195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.69.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791094/; classtype:trojan-activity;sid:84654194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.89.61.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791093/; classtype:trojan-activity;sid:84654193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791092)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"rich-v7.minenrichment.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791092/; classtype:trojan-activity;sid:84654192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; 
http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.22.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791091/; classtype:trojan-activity;sid:84654191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.189.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791090/; classtype:trojan-activity;sid:84654190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791089)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"double-sync.austrodouble.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791089/; classtype:trojan-activity;sid:84654189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.138.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791088/; classtype:trojan-activity;sid:84654188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.138.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791087/; classtype:trojan-activity;sid:84654187; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791085)"; flow:established,from_client; content:"GET"; http_method; content:"/main.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"142.248.228.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791085/; classtype:trojan-activity;sid:84654185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791086)"; flow:established,from_client; content:"GET"; http_method; content:"/o.xml"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"142.248.228.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791086/; classtype:trojan-activity;sid:84654186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.135.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791084/; classtype:trojan-activity;sid:84654184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.155.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791083/; classtype:trojan-activity;sid:84654183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.126.55"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791081/; classtype:trojan-activity;sid:84654181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791082)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8733674968/jlzuxmu.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791082/; classtype:trojan-activity;sid:84654182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.226.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791080/; classtype:trojan-activity;sid:84654180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.155.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791079/; classtype:trojan-activity;sid:84654179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.226.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791076/; classtype:trojan-activity;sid:84654176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791077)"; flow:established,from_client; 
content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.189.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791077/; classtype:trojan-activity;sid:84654177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.22.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791078/; classtype:trojan-activity;sid:84654178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.60.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791075/; classtype:trojan-activity;sid:84654175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.126.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791074/; classtype:trojan-activity;sid:84654174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.135.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791073/; classtype:trojan-activity;sid:84654173; rev:1;) 
# Reading these entries: each rule alerts on an outbound (HOME_NET -> EXTERNAL_NET),
# client-side GET on an established flow and ties one URLhaus entry to one sid.
# The URI and Host contents are anchored at both ends: depth equals the string
# length, so the match must start at offset 0 of the buffer, and
# isdataat:!1,relative requires that no byte follows it. The URI content also
# carries nocase. A request whose URI or Host differs by a single byte raises no
# alert, so treat these as exact-IoC matches, not as family-level detection.
# "alert http" only sees traffic the engine can parse as HTTP; the same download
# over TLS is not covered unless it is decrypted upstream.
# metadata:created_at and the reference URL identify the URLhaus entry; entries
# keyed on a bare IP address may age quickly, so confirm the entry's current
# status before acting on a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.17.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791072/; classtype:trojan-activity;sid:84654172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.82.61"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791071/; classtype:trojan-activity;sid:84654171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.60.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791070/; classtype:trojan-activity;sid:84654170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.196.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791069/; classtype:trojan-activity;sid:84654169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.102.129"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791068/; classtype:trojan-activity;sid:84654168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791067)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"austro02.austrodouble.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791067/; classtype:trojan-activity;sid:84654167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.192.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791066/; classtype:trojan-activity;sid:84654166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.132.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791065/; classtype:trojan-activity;sid:84654165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791064)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"blood04.dialectblood.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791064/; classtype:trojan-activity;sid:84654164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791063)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.135.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791063/; classtype:trojan-activity;sid:84654163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.192.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791062/; classtype:trojan-activity;sid:84654162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791061)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dia-v5.dialectblood.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791061/; classtype:trojan-activity;sid:84654161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791060)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"blood-unit.dialectblood.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791060/; classtype:trojan-activity;sid:84654160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"173.28.103.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; 
reference:url, urlhaus.abuse.ch/url/3791059/; classtype:trojan-activity;sid:84654159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.88.187.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791058/; classtype:trojan-activity;sid:84654158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.193.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791056/; classtype:trojan-activity;sid:84654156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.35.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791057/; classtype:trojan-activity;sid:84654157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.121.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791055/; classtype:trojan-activity;sid:84654155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"123.14.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791054/; classtype:trojan-activity;sid:84654154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.88.187.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791053/; classtype:trojan-activity;sid:84654153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791052)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"svet09.moroshkasvet.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791052/; classtype:trojan-activity;sid:84654152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.128.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791051/; classtype:trojan-activity;sid:84654151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.35.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791050/; classtype:trojan-activity;sid:84654150; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.193.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791049/; classtype:trojan-activity;sid:84654149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791048)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"moro-v4.moroshkasvet.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791048/; classtype:trojan-activity;sid:84654148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791047/; classtype:trojan-activity;sid:84654147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.230.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791046/; classtype:trojan-activity;sid:84654146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.9.166"; http_host; depth:12; 
isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791045/; classtype:trojan-activity;sid:84654145; rev:1;)
# The line above is the remainder of a rule whose head is on the preceding line of the file; it is kept verbatim.
#
# How to read the rules below (they all share one template):
#   - flow:established,from_client plus content:"GET"; http_method  -> client-side GET requests only.
#   - URI content with depth:<length> and isdataat:!1,relative      -> the string must start at offset 0 of
#     http_uri and nothing may follow it, i.e. the whole buffer equals the string; nocase follows that match.
#   - Host content with the same depth/isdataat pair                -> the whole http_host buffer equals the host.
#   - reference:url names the URLhaus entry to consult when triaging an alert.
# Deployment caveats:
#   - `alert http` only fires on traffic the engine parses as cleartext HTTP; the same URL fetched over TLS
#     is not covered by these signatures.
#   - Because the URI match is exact, a request with an added query string or path suffix presumably does not
#     match -- confirm against the engine's http_uri normalization.
#   - These are point-in-time indicators (created_at 2026_03_06); hosts given as bare IP addresses can be
#     reassigned, so check the entry's current status via the reference link before acting on a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791044)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"woman-flow.youngwoman.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791044/; classtype:trojan-activity;sid:84654144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791043)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"young01.youngwoman.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791043/; classtype:trojan-activity;sid:84654143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791041)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"asteriaproject.dstat.click"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791041/; classtype:trojan-activity;sid:84654141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791042)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"asteriaproject.dstat.click"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791042/; classtype:trojan-activity;sid:84654142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791031)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"asteriaproject.dstat.click"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791031/; classtype:trojan-activity;sid:84654131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791032)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"asteriaproject.dstat.click"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791032/; classtype:trojan-activity;sid:84654132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791033)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"asteriaproject.dstat.click"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791033/; classtype:trojan-activity;sid:84654133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791034)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"asteriaproject.dstat.click"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791034/; classtype:trojan-activity;sid:84654134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791035)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"asteriaproject.dstat.click"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791035/; classtype:trojan-activity;sid:84654135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791036)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"asteriaproject.dstat.click"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791036/; classtype:trojan-activity;sid:84654136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791037)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"asteriaproject.dstat.click"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791037/; classtype:trojan-activity;sid:84654137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791038)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"asteriaproject.dstat.click"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791038/; classtype:trojan-activity;sid:84654138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791039)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"asteriaproject.dstat.click"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791039/; classtype:trojan-activity;sid:84654139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791040)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"asteriaproject.dstat.click"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791040/; classtype:trojan-activity;sid:84654140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.230.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791030/; classtype:trojan-activity;sid:84654130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.9.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791029/; classtype:trojan-activity;sid:84654129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.77.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791028/; classtype:trojan-activity;sid:84654128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791023)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791023/; classtype:trojan-activity;sid:84654123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791024)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791024/; classtype:trojan-activity;sid:84654124; rev:1;)
# Duplicate match: same options as sid:84654123 (GET /pay, host 45.128.118.48), so one request raises both
# alerts. The two URLhaus entries presumably differ in a field this template does not encode (e.g. port) --
# verify via the reference links before suppressing either.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791025)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791025/; classtype:trojan-activity;sid:84654125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791026)"; flow:established,from_client; content:"GET"; http_method; content:"/kla.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791026/; classtype:trojan-activity;sid:84654126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791027)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.97.124.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791027/; classtype:trojan-activity;sid:84654127; rev:1;)
# Duplicate match: same options as sid:84654124 (GET /yarn, host 45.128.118.48).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791016)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791016/; classtype:trojan-activity;sid:84654116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791017/; classtype:trojan-activity;sid:84654117; rev:1;)
# Duplicate match: same options as sid:84654126 (GET /kla.sh, host 45.128.118.48).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791018)"; flow:established,from_client; content:"GET"; http_method; content:"/kla.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791018/; classtype:trojan-activity;sid:84654118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791019)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791019/; classtype:trojan-activity;sid:84654119; rev:1;)
# Duplicate match: same options as sid:84654117 (GET /bin, host 45.128.118.48).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791020/; classtype:trojan-activity;sid:84654120; rev:1;)
# URLhaus download-URL signatures, one rule per line. Every rule below uses the same template:
# client GET request (flow:established,from_client; http_method), the whole http_uri buffer equal to the
# listed path (depth:<length> anchors the match at offset 0, isdataat:!1,relative forbids trailing bytes,
# nocase follows the URI match), and the whole http_host buffer equal to the listed host.
# Triage notes: the reference:url option names the URLhaus entry behind each sid; `alert http` only fires
# on traffic the engine parses as cleartext HTTP; entries are dated created_at 2026_03_06 and hosts given as
# bare IP addresses can be reassigned, so confirm the entry is still listed before acting on a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791021)"; flow:established,from_client; content:"GET"; http_method; content:"/milan.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.97.124.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791021/; classtype:trojan-activity;sid:84654121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791022)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"140.233.190.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791022/; classtype:trojan-activity;sid:84654122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791015)"; flow:established,from_client; content:"GET"; http_method; content:"/start.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"50.247.12.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791015/; classtype:trojan-activity;sid:84654115; rev:1;)
# Duplicate match: same options as sid:84654119 (GET /bins.sh, host 45.128.118.48), so one request raises
# both alerts. The two URLhaus entries presumably differ in a field this template does not encode
# (e.g. port) -- verify via the reference links before suppressing either.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791014)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791014/; classtype:trojan-activity;sid:84654114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791013)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64-linux-musl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"140.233.190.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791013/; classtype:trojan-activity;sid:84654113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791012)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"140.233.190.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791012/; classtype:trojan-activity;sid:84654112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791009)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"140.233.190.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791009/; classtype:trojan-activity;sid:84654109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791010)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"140.233.190.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791010/; classtype:trojan-activity;sid:84654110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791011)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_x64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"140.233.190.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791011/; classtype:trojan-activity;sid:84654111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791008)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"140.233.190.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791008/; classtype:trojan-activity;sid:84654108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791007)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_mipsle"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"140.233.190.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791007/; classtype:trojan-activity;sid:84654107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.127.226.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791006/; classtype:trojan-activity;sid:84654106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791005)"; flow:established,from_client; content:"GET"; http_method; content:"/gate.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"74.0.32.141"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791005/; classtype:trojan-activity;sid:84654105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790996)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.8.68.4"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790996/; classtype:trojan-activity;sid:84654096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790997)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.8.68.4"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790997/; classtype:trojan-activity;sid:84654097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790998)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.8.68.4"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790998/; classtype:trojan-activity;sid:84654098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790999)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.8.68.4"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790999/; classtype:trojan-activity;sid:84654099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791000)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.8.68.4"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791000/; classtype:trojan-activity;sid:84654100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791001)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.8.68.4"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791001/; classtype:trojan-activity;sid:84654101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791002)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.8.68.4"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791002/; classtype:trojan-activity;sid:84654102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791003)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetarm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"152.89.170.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791003/; classtype:trojan-activity;sid:84654103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791004)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.8.68.4"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3791004/; classtype:trojan-activity;sid:84654104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790995)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.8.68.4"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790995/; classtype:trojan-activity;sid:84654095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790993)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_tools.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.26.106.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790993/; classtype:trojan-activity;sid:84654093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790994)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_utils.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.26.106.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790994/; classtype:trojan-activity;sid:84654094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790992)"; flow:established,from_client; content:"GET"; http_method; content:"/d3_cnc_user.c.txt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"94.26.106.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790992/; classtype:trojan-activity;sid:84654092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790991)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"84.234.99.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790991/; classtype:trojan-activity;sid:84654091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790988)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"46.8.68.4"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790988/; classtype:trojan-activity;sid:84654088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790989)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetarm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.89.170.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790989/; classtype:trojan-activity;sid:84654089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790990)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetx86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.89.170.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790990/; classtype:trojan-activity;sid:84654090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790987)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsle"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.97.124.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790987/; classtype:trojan-activity;sid:84654087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790986)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"46.8.68.4"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790986/; classtype:trojan-activity;sid:84654086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790984)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetmpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790984/; classtype:trojan-activity;sid:84654084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790985)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetm68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790985/; classtype:trojan-activity;sid:84654085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790971)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.97.124.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790971/; classtype:trojan-activity;sid:84654071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790972)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"84.234.99.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790972/; classtype:trojan-activity;sid:84654072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790973)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"46.8.68.4"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790973/; classtype:trojan-activity;sid:84654073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790974)"; flow:established,from_client; content:"GET"; http_method; content:"/x32"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"80.97.124.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790974/; classtype:trojan-activity;sid:84654074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790975)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790975/; classtype:trojan-activity;sid:84654075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790976)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"46.8.68.4"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790976/; classtype:trojan-activity;sid:84654076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790977)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv5l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790977/; classtype:trojan-activity;sid:84654077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790978)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetmips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790978/; classtype:trojan-activity;sid:84654078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790979)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.97.124.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790979/; classtype:trojan-activity;sid:84654079; rev:1;)
# Duplicate match: same options as sid:84654077 (GET /bins/armv5l, host 45.128.118.48).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790980)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv5l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790980/; classtype:trojan-activity;sid:84654080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790981)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"46.8.68.4"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790981/; classtype:trojan-activity;sid:84654081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790982)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"84.234.99.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790982/; classtype:trojan-activity;sid:84654082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790983)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"84.234.99.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790983/; classtype:trojan-activity;sid:84654083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790964)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i586"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790964/; classtype:trojan-activity;sid:84654064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790965)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.8.68.4"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790965/; classtype:trojan-activity;sid:84654065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790966)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790966/; classtype:trojan-activity;sid:84654066; rev:1;)
# Duplicate match: same options as sid:84654075 (GET /bins/ppc, host 45.128.118.48).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790967)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790967/; classtype:trojan-activity;sid:84654067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790968)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"84.234.99.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790968/; classtype:trojan-activity;sid:84654068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790969)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.97.124.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790969/; classtype:trojan-activity;sid:84654069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790970)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv7l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790970/; classtype:trojan-activity;sid:84654070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790961)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790961/; classtype:trojan-activity;sid:84654061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790962)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790962/; classtype:trojan-activity;sid:84654062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790963)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790963/; classtype:trojan-activity;sid:84654063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790958)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790958/; classtype:trojan-activity;sid:84654058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790959)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv6l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790959/; classtype:trojan-activity;sid:84654059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790960)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790960/; classtype:trojan-activity;sid:84654060; rev:1;)
# URLhaus download-URL rules: one rule per reported URL. The number in msg and in reference:url
# is the URLhaus entry id. Each rule fires on a client-side GET over parsed HTTP from $HOME_NET
# to $EXTERNAL_NET, on any port.
# Matching is exact, not substring: depth equals the content length, which pins the match to the
# start of the buffer, and isdataat:!1,relative requires that nothing follows it. This applies to
# both http_uri and http_host, so a hit means this URI on this host. A request with a different
# path, an added query string, or another host does not match. Treat hits as high-confidence and
# the absence of hits as no evidence that a host is clean.
# NOTE(review): nocase trails the URI's isdataat; presumably it is meant for the URI content.
# Confirm how your engine version binds it.
# NOTE(review): the match conditions carry no port, and this feed repeats some URI+host pairs
# under different SIDs (sid 84654058 and sid 84654048 differ only in their ids), so a single
# request can raise more than one alert; group by URI+host when triaging.
# Only cleartext HTTP is visible to `alert http`; the same URL fetched over TLS needs decryption
# or a separate indicator.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790952)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetspc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.89.170.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790952/; classtype:trojan-activity;sid:84654052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790953)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"46.8.68.4"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790953/; classtype:trojan-activity;sid:84654053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790954)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetarm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790954/; classtype:trojan-activity;sid:84654054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790955)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.97.124.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790955/; classtype:trojan-activity;sid:84654055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790956)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.97.124.196"; 
http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790956/; classtype:trojan-activity;sid:84654056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790957)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.97.124.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790957/; classtype:trojan-activity;sid:84654057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790950)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790950/; classtype:trojan-activity;sid:84654050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790951)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790951/; classtype:trojan-activity;sid:84654051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790946)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"84.234.99.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790946/; classtype:trojan-activity;sid:84654046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790947)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bins/violetppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.89.170.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790947/; classtype:trojan-activity;sid:84654047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790948)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790948/; classtype:trojan-activity;sid:84654048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790949)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"84.234.99.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790949/; classtype:trojan-activity;sid:84654049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790941)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"84.234.99.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790941/; classtype:trojan-activity;sid:84654041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790942)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetarm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, 
urlhaus.abuse.ch/url/3790942/; classtype:trojan-activity;sid:84654042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790943)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"84.234.99.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790943/; classtype:trojan-activity;sid:84654043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790944)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"84.234.99.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790944/; classtype:trojan-activity;sid:84654044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790945)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetarm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790945/; classtype:trojan-activity;sid:84654045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790937)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"46.8.68.4"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790937/; classtype:trojan-activity;sid:84654037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790938)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; 
depth:4; isdataat:!1,relative; nocase; content:"80.97.124.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790938/; classtype:trojan-activity;sid:84654038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790939)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"46.8.68.4"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790939/; classtype:trojan-activity;sid:84654039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790940)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetspc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790940/; classtype:trojan-activity;sid:84654040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790908)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetsh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.89.170.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790908/; classtype:trojan-activity;sid:84654008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790909)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetmips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"152.89.170.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790909/; classtype:trojan-activity;sid:84654009; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790910)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790910/; classtype:trojan-activity;sid:84654010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790911)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv6l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790911/; classtype:trojan-activity;sid:84654011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790912)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790912/; classtype:trojan-activity;sid:84654012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790913)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790913/; classtype:trojan-activity;sid:84654013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790914)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790914/; classtype:trojan-activity;sid:84654014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790915)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/powerpc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790915/; classtype:trojan-activity;sid:84654015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790916)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790916/; classtype:trojan-activity;sid:84654016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790917)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/powerpc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790917/; classtype:trojan-activity;sid:84654017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790918)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790918/; classtype:trojan-activity;sid:84654018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790919)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790919/; classtype:trojan-activity;sid:84654019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790920)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetarm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"152.89.170.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790920/; classtype:trojan-activity;sid:84654020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790921)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790921/; classtype:trojan-activity;sid:84654021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790922)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetarm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790922/; classtype:trojan-activity;sid:84654022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790923)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i586"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, 
urlhaus.abuse.ch/url/3790923/; classtype:trojan-activity;sid:84654023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790924)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790924/; classtype:trojan-activity;sid:84654024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790925)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetx86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790925/; classtype:trojan-activity;sid:84654025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790926)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetsh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790926/; classtype:trojan-activity;sid:84654026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790927)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790927/; classtype:trojan-activity;sid:84654027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790928)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bins/armv7l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.128.118.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790928/; classtype:trojan-activity;sid:84654028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790929)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.8.68.4"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790929/; classtype:trojan-activity;sid:84654029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790930)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"46.8.68.4"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790930/; classtype:trojan-activity;sid:84654030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790931)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"80.97.124.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790931/; classtype:trojan-activity;sid:84654031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790932)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"46.8.68.4"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790932/; classtype:trojan-activity;sid:84654032; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790933)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"84.234.99.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790933/; classtype:trojan-activity;sid:84654033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790934)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.97.124.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790934/; classtype:trojan-activity;sid:84654034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790935)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"80.97.124.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790935/; classtype:trojan-activity;sid:84654035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790936)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"84.234.99.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790936/; classtype:trojan-activity;sid:84654036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790905)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetmpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"152.89.170.85"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790905/; classtype:trojan-activity;sid:84654005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790906)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetarm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"152.89.170.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790906/; classtype:trojan-activity;sid:84654006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790907)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/violetm68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"152.89.170.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790907/; classtype:trojan-activity;sid:84654007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790904)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.m68k"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790904/; classtype:trojan-activity;sid:84654004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790903)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790903/; classtype:trojan-activity;sid:84654003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3790890)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.x86_64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790890/; classtype:trojan-activity;sid:84653990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790891)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.x86_32"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790891/; classtype:trojan-activity;sid:84653991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790892)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.sh4"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790892/; classtype:trojan-activity;sid:84653992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790893)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.arc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790893/; classtype:trojan-activity;sid:84653993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790894)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.spc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790894/; classtype:trojan-activity;sid:84653994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790895)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.arm7"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790895/; classtype:trojan-activity;sid:84653995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790896)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.ppc440"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790896/; classtype:trojan-activity;sid:84653996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790897)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.sh4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790897/; classtype:trojan-activity;sid:84653997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790898)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.arc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790898/; classtype:trojan-activity;sid:84653998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3790899)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.spc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790899/; classtype:trojan-activity;sid:84653999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790900)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790900/; classtype:trojan-activity;sid:84654000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790901)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790901/; classtype:trojan-activity;sid:84654001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790902)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790902/; classtype:trojan-activity;sid:84654002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790873)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.x86_32"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790873/; classtype:trojan-activity;sid:84653973; rev:1;)
#
# How to read the rules below
# ---------------------------
# Every rule in this stretch has the same shape:
#   * alert http $HOME_NET any -> $EXTERNAL_NET any, flow:established,from_client:
#     an internal client sending an HTTP request to an external server.
#   * content:"GET"; http_method - only GET requests are considered.
#   * content:"<path>"; http_uri; depth:<len>; isdataat:!1,relative; nocase -
#     depth equals the pattern length and isdataat:!1,relative requires that no
#     byte follows the match, so the URI buffer must equal the pattern exactly
#     (as written, nocase attaches to this URI pattern).
#   * content:"<host>"; http_host; depth:<len>; isdataat:!1,relative - the same
#     construction on the host buffer, again an exact match.
#   * sid is the URLhaus id from msg/reference plus 80863100 in every rule shown,
#     so an alert maps straight back to its urlhaus.abuse.ch/url/<id>/ entry.
#
# Coverage limits worth knowing when relying on these alerts:
#   * Exact matching means a request for the same file with a query string or
#     any other URI variation does not fire; pair the rules with host/IP-level
#     telemetry (DNS, flow or proxy logs) for the hosts named here.
#   * Requests using another method, and requests carried over TLS that is not
#     decrypted upstream, are not matched by these http rules.
#   * NOTE(review): whether a Host header with an explicit port still matches
#     depends on how the engine fills http_host - confirm on the deployed version.
#   * All entries carry created_at 2026_03_06 and most hosts are bare IPv4
#     addresses; check the URLhaus reference for current status before treating
#     an old or a late hit as confirmed.
#
# Host 142.248.80.139: two basenames under /huhu/ (jawirbot.*, debug/debug.*), one
# rule per suffix. The suffixes look like CPU-architecture tags. Correlate alerts
# by destination host, not by sid, to get one incident per server.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790874)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.arm6"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790874/; classtype:trojan-activity;sid:84653974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790875)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.mipsl"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790875/; classtype:trojan-activity;sid:84653975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790876)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.m68k"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790876/; classtype:trojan-activity;sid:84653976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790877)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.i486"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790877/; classtype:trojan-activity;sid:84653977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790878)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.i686"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790878/; classtype:trojan-activity;sid:84653978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790879)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.arm5"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790879/; classtype:trojan-activity;sid:84653979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790880)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.mips"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790880/; classtype:trojan-activity;sid:84653980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790881)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.mipsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790881/; classtype:trojan-activity;sid:84653981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790882)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790882/; classtype:trojan-activity;sid:84653982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790883)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.ppc440"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790883/; classtype:trojan-activity;sid:84653983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790884)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.arm"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790884/; classtype:trojan-activity;sid:84653984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790885)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.arm"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790885/; classtype:trojan-activity;sid:84653985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790886)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.ppc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790886/; classtype:trojan-activity;sid:84653986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790887)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.i686"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790887/; classtype:trojan-activity;sid:84653987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790888)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.i486"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790888/; classtype:trojan-activity;sid:84653988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790889)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.x86_64"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790889/; classtype:trojan-activity;sid:84653989; rev:1;)
#
# Host 177.76.44.91: one basename, /hiddenbin/boatnet.<suffix>, one rule per suffix.
# Note "boatnet.x86" and "boatnet.x86_64"/"boatnet.x86-debug" are separate rules;
# because each URI match is exact, the shorter pattern does not also cover the
# longer names.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790866)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"177.76.44.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790866/; classtype:trojan-activity;sid:84653966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790867)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"177.76.44.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790867/; classtype:trojan-activity;sid:84653967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790868)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86-debug"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"177.76.44.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790868/; classtype:trojan-activity;sid:84653968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790869)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"177.76.44.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790869/; classtype:trojan-activity;sid:84653969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790870)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"177.76.44.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790870/; classtype:trojan-activity;sid:84653970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790871)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"177.76.44.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790871/; classtype:trojan-activity;sid:84653971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790872)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"177.76.44.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790872/; classtype:trojan-activity;sid:84653972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790865)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"177.76.44.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790865/; classtype:trojan-activity;sid:84653965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790859)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"177.76.44.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790859/; classtype:trojan-activity;sid:84653959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790860)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"177.76.44.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790860/; classtype:trojan-activity;sid:84653960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790861)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"177.76.44.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790861/; classtype:trojan-activity;sid:84653961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790862)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"177.76.44.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790862/; classtype:trojan-activity;sid:84653962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790863)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"177.76.44.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790863/; classtype:trojan-activity;sid:84653963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790864)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"177.76.44.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790864/; classtype:trojan-activity;sid:84653964; rev:1;)
#
# Generic path "/bin.sh" on two different hosts. The URI alone is not distinctive;
# the exact http_host value is what makes each rule specific.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.185.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790858/; classtype:trojan-activity;sid:84653958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.77.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790857/; classtype:trojan-activity;sid:84653956; rev:1;)
#
# The next rule names a DNS host (s3.g.s4.mega.io) instead of an address; the
# 72-byte path carries the specificity. NOTE(review): if clients reach this host
# over TLS, this http rule only sees the request where traffic is decrypted
# upstream - confirm against the local proxy / TLS-inspection setup.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790856)"; flow:established,from_client; content:"GET"; http_method; content:"/aileqac3yep7oqdhygjpberqqnk2zrnhck2lx/busket/2/05x06x26/01/bkrpamct.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"s3.g.s4.mega.io"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790856/; classtype:trojan-activity;sid:84653956; rev:1;)
#
# Host 142.248.228.197: /bins/<suffix> files followed by two shell scripts
# (/w.sh, /wget.sh) on the same server. A hit on a script rule and on /bins/*
# rules from the same client are best reviewed together.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790855)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"142.248.228.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790855/; classtype:trojan-activity;sid:84653955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790850)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"142.248.228.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790850/; classtype:trojan-activity;sid:84653950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790851)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"142.248.228.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790851/; classtype:trojan-activity;sid:84653951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790852)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"142.248.228.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790852/; classtype:trojan-activity;sid:84653952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790853)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"142.248.228.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790853/; classtype:trojan-activity;sid:84653953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790854)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"142.248.228.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790854/; classtype:trojan-activity;sid:84653954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790844)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"142.248.228.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790844/; classtype:trojan-activity;sid:84653944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790845)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"142.248.228.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790845/; classtype:trojan-activity;sid:84653945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790846)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"142.248.228.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790846/; classtype:trojan-activity;sid:84653946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790847)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"142.248.228.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790847/; classtype:trojan-activity;sid:84653947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790848)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"142.248.228.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790848/; classtype:trojan-activity;sid:84653948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790849)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"142.248.228.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790849/; classtype:trojan-activity;sid:84653949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790843)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"142.248.228.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790843/; classtype:trojan-activity;sid:84653943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790842)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"142.248.228.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790842/; classtype:trojan-activity;sid:84653942; rev:1;)
#
# Short generic paths ("/i", "/bin.sh") across many single IPv4 hosts, with one
# longer path (/files/.../ipvjtgg.bat) in between. Several addresses appear twice,
# once per path (e.g. 125.41.102.42, 222.138.117.109, 110.37.115.167,
# 27.215.182.207). With a 2- or 7-byte URI the host value is the whole indicator,
# so these rules are only as durable as the address assignment.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.231.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790841/; classtype:trojan-activity;sid:84653941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.15.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790840/; classtype:trojan-activity;sid:84653940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.178.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790839/; classtype:trojan-activity;sid:84653939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.102.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790838/; classtype:trojan-activity;sid:84653938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.166.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790837/; classtype:trojan-activity;sid:84653937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790836)"; flow:established,from_client; content:"GET"; http_method; content:"/files/2070717540/ipvjtgg.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790836/; classtype:trojan-activity;sid:84653936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.182.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790835/; classtype:trojan-activity;sid:84653935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.117.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790834/; classtype:trojan-activity;sid:84653934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.157.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790833/; classtype:trojan-activity;sid:84653933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.115.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790832/; classtype:trojan-activity;sid:84653932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.102.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790831/; classtype:trojan-activity;sid:84653931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.117.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790830/; classtype:trojan-activity;sid:84653930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.115.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790829/; classtype:trojan-activity;sid:84653929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.182.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790828/; classtype:trojan-activity;sid:84653928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.198.186.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790827/; classtype:trojan-activity;sid:84653927; rev:1;)
#
# From here the rules interleave three servers rather than grouping by host:
#   83.142.209.47  - /nullnet_load.<suffix> and /realtek
#   185.38.142.156 - /huhu/titanjr.<suffix>
#   91.124.63.133  - /main_<suffix>
# plus one "/i" rule for 125.40.121.213. Filter on the http_host value when
# reviewing alerts for one server.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790825)"; flow:established,from_client; content:"GET"; http_method; content:"/nullnet_load.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790825/; classtype:trojan-activity;sid:84653925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790792)"; flow:established,from_client; content:"GET"; http_method; content:"/nullnet_load.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790792/; classtype:trojan-activity;sid:84653892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790793)"; flow:established,from_client; content:"GET"; http_method; content:"/nullnet_load.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790793/; classtype:trojan-activity;sid:84653893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790794)"; flow:established,from_client; content:"GET"; http_method; content:"/nullnet_load.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790794/; classtype:trojan-activity;sid:84653894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790795)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.38.142.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790795/; classtype:trojan-activity;sid:84653895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.121.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790796/; classtype:trojan-activity;sid:84653896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790797)"; flow:established,from_client; content:"GET"; http_method; content:"/nullnet_load.arc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790797/; classtype:trojan-activity;sid:84653897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790798)"; flow:established,from_client; content:"GET"; http_method; content:"/nullnet_load.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790798/; classtype:trojan-activity;sid:84653898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790799)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.38.142.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790799/; classtype:trojan-activity;sid:84653899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790800)"; flow:established,from_client; content:"GET"; http_method; content:"/nullnet_load.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790800/; classtype:trojan-activity;sid:84653900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790801)"; flow:established,from_client; content:"GET"; http_method; content:"/nullnet_load.i486"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790801/; classtype:trojan-activity;sid:84653901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790802)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.38.142.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790802/; classtype:trojan-activity;sid:84653902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790803)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.38.142.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790803/; classtype:trojan-activity;sid:84653903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790804)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.124.63.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790804/; classtype:trojan-activity;sid:84653904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790805)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.38.142.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790805/; classtype:trojan-activity;sid:84653905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790806)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.124.63.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790806/; classtype:trojan-activity;sid:84653906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790807)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.38.142.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790807/; classtype:trojan-activity;sid:84653907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790808)"; flow:established,from_client; content:"GET"; http_method; content:"/realtek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790808/; classtype:trojan-activity;sid:84653908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790809)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.38.142.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790809/; classtype:trojan-activity;sid:84653909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790810)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.124.63.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790810/; classtype:trojan-activity;sid:84653910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790811)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc440"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.38.142.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790811/; classtype:trojan-activity;sid:84653911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790812)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.124.63.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790812/; classtype:trojan-activity;sid:84653912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790813)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.124.63.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790813/; classtype:trojan-activity;sid:84653913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790814)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.38.142.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790814/; classtype:trojan-activity;sid:84653914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790815)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.124.63.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790815/; classtype:trojan-activity;sid:84653915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790816)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.38.142.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790816/; classtype:trojan-activity;sid:84653916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790817)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.38.142.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790817/; classtype:trojan-activity;sid:84653917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790818)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.38.142.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790818/; classtype:trojan-activity;sid:84653918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790819)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.124.63.133"; http_host; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790819/; classtype:trojan-activity;sid:84653919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790820)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.38.142.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790820/; classtype:trojan-activity;sid:84653920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790821)"; flow:established,from_client; content:"GET"; http_method; content:"/nullnet_load.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790821/; classtype:trojan-activity;sid:84653921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790822)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i486"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.38.142.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790822/; classtype:trojan-activity;sid:84653922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790823)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.124.63.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790823/; classtype:trojan-activity;sid:84653923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3790824)"; flow:established,from_client; content:"GET"; http_method; content:"/nullnet_load.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790824/; classtype:trojan-activity;sid:84653924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790790)"; flow:established,from_client; content:"GET"; http_method; content:"/nullnet_load.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790790/; classtype:trojan-activity;sid:84653890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790791)"; flow:established,from_client; content:"GET"; http_method; content:"/nullnet_load.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790791/; classtype:trojan-activity;sid:84653891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790788)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.124.63.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790788/; classtype:trojan-activity;sid:84653888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790789)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mipsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.38.142.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2026_03_06; reference:url, urlhaus.abuse.ch/url/3790789/; classtype:trojan-activity;sid:84653889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.121.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790787/; classtype:trojan-activity;sid:84653887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790786)"; flow:established,from_client; content:"GET"; http_method; content:"/x"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790786/; classtype:trojan-activity;sid:84653886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.28.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790785/; classtype:trojan-activity;sid:84653885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.165.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790784/; classtype:trojan-activity;sid:84653884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790783)"; flow:established,from_client; content:"GET"; http_method; 
content:"/files/7044575709/abbqsjz.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790783/; classtype:trojan-activity;sid:84653883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.165.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790782/; classtype:trojan-activity;sid:84653882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.142.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790781/; classtype:trojan-activity;sid:84653881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.142.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790780/; classtype:trojan-activity;sid:84653880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.28.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790779/; classtype:trojan-activity;sid:84653879; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790778)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"46.203.233.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790778/; classtype:trojan-activity;sid:84653878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.86.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790777/; classtype:trojan-activity;sid:84653877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790776)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnriscv32xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"178.215.236.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790776/; classtype:trojan-activity;sid:84653876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790772)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnmipsxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"178.215.236.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790772/; classtype:trojan-activity;sid:84653872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790773)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnsh2xnxn"; http_uri; 
depth:29; isdataat:!1,relative; nocase; content:"178.215.236.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790773/; classtype:trojan-activity;sid:84653873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790774)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnor1kxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"178.215.236.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790774/; classtype:trojan-activity;sid:84653874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790775)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnloongarch64xnxn"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"178.215.236.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790775/; classtype:trojan-activity;sid:84653875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790766)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxni386xnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"178.215.236.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790766/; classtype:trojan-activity;sid:84653866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790767)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnriscv64xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"178.215.236.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, 
urlhaus.abuse.ch/url/3790767/; classtype:trojan-activity;sid:84653867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790768)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnpowerpcxnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"178.215.236.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790768/; classtype:trojan-activity;sid:84653868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790769)"; flow:established,from_client; content:"GET"; http_method; content:"/nullnet_load.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790769/; classtype:trojan-activity;sid:84653869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790770)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnm68kxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"178.215.236.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790770/; classtype:trojan-activity;sid:84653870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790771)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.151.155.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790771/; classtype:trojan-activity;sid:84653871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790762)"; flow:established,from_client; 
content:"GET"; http_method; content:"/nullnet_load.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790762/; classtype:trojan-activity;sid:84653862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790763)"; flow:established,from_client; content:"GET"; http_method; content:"/nullnet_load.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790763/; classtype:trojan-activity;sid:84653863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790764)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnmicroblazexnxn"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"178.215.236.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790764/; classtype:trojan-activity;sid:84653864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790765)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnsh4xnxn"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.215.236.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790765/; classtype:trojan-activity;sid:84653865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790759)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.38.142.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; 
reference:url, urlhaus.abuse.ch/url/3790759/; classtype:trojan-activity;sid:84653859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790760)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.151.155.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790760/; classtype:trojan-activity;sid:84653860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790761)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.151.155.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790761/; classtype:trojan-activity;sid:84653861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790741)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.151.155.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790741/; classtype:trojan-activity;sid:84653841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790742)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.151.155.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790742/; classtype:trojan-activity;sid:84653842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790743)"; flow:established,from_client; content:"GET"; http_method; content:"/nuts/poop"; http_uri; 
depth:10; isdataat:!1,relative; nocase; content:"107.175.89.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790743/; classtype:trojan-activity;sid:84653843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790744)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.151.155.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790744/; classtype:trojan-activity;sid:84653844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790745)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.151.155.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790745/; classtype:trojan-activity;sid:84653845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790746)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.151.155.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790746/; classtype:trojan-activity;sid:84653846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790747)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnx86_64xnxn"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"178.215.236.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790747/; classtype:trojan-activity;sid:84653847; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790748)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.124.63.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790748/; classtype:trojan-activity;sid:84653848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790749)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.198.234.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790749/; classtype:trojan-activity;sid:84653849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790750)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.151.155.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790750/; classtype:trojan-activity;sid:84653850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790751)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.38.142.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790751/; classtype:trojan-activity;sid:84653851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790752)"; flow:established,from_client; content:"GET"; http_method; content:"/all.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.38.142.156"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790752/; classtype:trojan-activity;sid:84653852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790753)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.151.155.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790753/; classtype:trojan-activity;sid:84653853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790754)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.124.63.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790754/; classtype:trojan-activity;sid:84653854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790755)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.116.36.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790755/; classtype:trojan-activity;sid:84653855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790756)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.38.142.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790756/; classtype:trojan-activity;sid:84653856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790757)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnaarch64xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"178.215.236.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790757/; classtype:trojan-activity;sid:84653857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790758)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.215.236.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790758/; classtype:trojan-activity;sid:84653858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790737)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.151.155.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790737/; classtype:trojan-activity;sid:84653837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790738)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.151.155.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790738/; classtype:trojan-activity;sid:84653838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790739)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.151.155.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, 
urlhaus.abuse.ch/url/3790739/; classtype:trojan-activity;sid:84653839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790740)"; flow:established,from_client; content:"GET"; http_method; content:"/jack5tr.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.151.155.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790740/; classtype:trojan-activity;sid:84653840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790735)"; flow:established,from_client; content:"GET"; http_method; content:"/cache"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790735/; classtype:trojan-activity;sid:84653835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790736)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.196.41.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790736/; classtype:trojan-activity;sid:84653836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790733)"; flow:established,from_client; content:"GET"; http_method; content:"/nuts/bolts"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"107.175.89.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790733/; classtype:trojan-activity;sid:84653833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790734)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; 
depth:4; isdataat:!1,relative; nocase; content:"45.151.155.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790734/; classtype:trojan-activity;sid:84653834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790732)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.142.209.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790732/; classtype:trojan-activity;sid:84653832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790731)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.47.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790731/; classtype:trojan-activity;sid:84653831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.169.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790730/; classtype:trojan-activity;sid:84653830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.58.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790729/; classtype:trojan-activity;sid:84653829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3790728)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1225117411/blr3mbe.msi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790728/; classtype:trojan-activity;sid:84653828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.223.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790727/; classtype:trojan-activity;sid:84653827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.97.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790726/; classtype:trojan-activity;sid:84653826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790725)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"young-site.youngwoman.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790725/; classtype:trojan-activity;sid:84653825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.86.110"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790724/; classtype:trojan-activity;sid:84653824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.169.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790723/; classtype:trojan-activity;sid:84653823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.114.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790722/; classtype:trojan-activity;sid:84653822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.58.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790721/; classtype:trojan-activity;sid:84653821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.178.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790720/; classtype:trojan-activity;sid:84653820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790719)"; flow:established,from_client; content:"GET"; http_method; 
content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.20.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790719/; classtype:trojan-activity;sid:84653819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790717)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"pigeon-v2.pigeonbreed.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790717/; classtype:trojan-activity;sid:84653817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790718)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7362035837/t3f3jtm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790718/; classtype:trojan-activity;sid:84653818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790716)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6902778688/bqvtgjs.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790716/; classtype:trojan-activity;sid:84653816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.97.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790715/; 
classtype:trojan-activity;sid:84653815; rev:1;)
# Each rule pairs an http_uri content with an http_host content. depth equals the content
# length and isdataat:!1,relative requires that no byte follows the match, so both the
# request path and the Host value are matched as exact strings.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.20.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790714/; classtype:trojan-activity;sid:84653814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790713)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"bird-farm.pigeonbreed.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790713/; classtype:trojan-activity;sid:84653813; rev:1;)
# NOTE(review): the Host below is a domain name, not a dedicated IP; temp.sh appears to be a
# public file-sharing host, so the exact URI match is what scopes this alert to one file.
# The rule only sees requests the sensor can parse as cleartext HTTP. If clients reach this
# host over TLS, it will not fire unless traffic is decrypted before inspection; confirm
# coverage and pair it with DNS or TLS SNI telemetry for the same host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790712)"; flow:established,from_client; content:"GET"; http_method; content:"/inwtz/client.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"temp.sh"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790712/; classtype:trojan-activity;sid:84653812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790711)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/apex.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.148.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790711/; classtype:trojan-activity;sid:84653811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790709)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/apex.x86"; 
http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.148.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790709/; classtype:trojan-activity;sid:84653809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790710)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/apex.mipsle"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.65.148.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790710/; classtype:trojan-activity;sid:84653810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790708)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/apex_cnc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.148.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790708/; classtype:trojan-activity;sid:84653808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790707)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/apex.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.65.148.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790707/; classtype:trojan-activity;sid:84653807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790705)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/apex.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.148.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790705/; classtype:trojan-activity;sid:84653805; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.193.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790706/; classtype:trojan-activity;sid:84653806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790704)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/apex_cnc.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.65.148.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790704/; classtype:trojan-activity;sid:84653804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790703)"; flow:established,from_client; content:"GET"; http_method; content:"/files/mu-lime.img"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"94.156.102.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790703/; classtype:trojan-activity;sid:84653803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790700)"; flow:established,from_client; content:"GET"; http_method; content:"/files/coolfile.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.156.102.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790700/; classtype:trojan-activity;sid:84653800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790701)"; flow:established,from_client; content:"GET"; http_method; content:"/files/mswincryptographdata.exe"; http_uri; depth:31; isdataat:!1,relative; 
nocase; content:"94.156.102.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790701/; classtype:trojan-activity;sid:84653801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790699)"; flow:established,from_client; content:"GET"; http_method; content:"/files/totallynotavirus.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"94.156.102.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790699/; classtype:trojan-activity;sid:84653799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790698)"; flow:established,from_client; content:"GET"; http_method; content:"/tasksvc.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.92.243.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790698/; classtype:trojan-activity;sid:84653798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.186.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790697/; classtype:trojan-activity;sid:84653797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790696)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5758620506/hjzucsf.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790696/; classtype:trojan-activity;sid:84653796; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.34.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790695/; classtype:trojan-activity;sid:84653795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.206.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790694/; classtype:trojan-activity;sid:84653794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.233.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790693/; classtype:trojan-activity;sid:84653793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.169.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790692/; classtype:trojan-activity;sid:84653792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.226.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; 
reference:url, urlhaus.abuse.ch/url/3790690/; classtype:trojan-activity;sid:84653790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.99.201.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790691/; classtype:trojan-activity;sid:84653791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.233.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790689/; classtype:trojan-activity;sid:84653789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790688)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6149304756/t1nm7m0.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790688/; classtype:trojan-activity;sid:84653788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.226.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790687/; classtype:trojan-activity;sid:84653787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790686)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.186.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790686/; classtype:trojan-activity;sid:84653786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790685)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.207.157.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790685/; classtype:trojan-activity;sid:84653785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790683)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv7l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.156.87.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790683/; classtype:trojan-activity;sid:84653783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790684)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.66.228.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790684/; classtype:trojan-activity;sid:84653784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790680)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.207.157.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790680/; classtype:trojan-activity;sid:84653780; rev:1;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790681)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.66.228.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790681/; classtype:trojan-activity;sid:84653781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790682)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.207.157.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790682/; classtype:trojan-activity;sid:84653782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790677)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.156.87.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790677/; classtype:trojan-activity;sid:84653777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790678)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.16.52.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790678/; classtype:trojan-activity;sid:84653778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790679)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.66.228.176"; 
http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790679/; classtype:trojan-activity;sid:84653779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.34.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790676/; classtype:trojan-activity;sid:84653776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790666)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"178.16.53.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790666/; classtype:trojan-activity;sid:84653766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790667)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"91.92.241.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790667/; classtype:trojan-activity;sid:84653767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790668)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"178.16.55.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790668/; classtype:trojan-activity;sid:84653768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790669)"; flow:established,from_client; 
content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"158.94.211.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790669/; classtype:trojan-activity;sid:84653769; rev:1;)
# The rules in this stretch match the bare root path: content:"/" with depth:1 and
# isdataat:!1,relative means the request URI is exactly "/". Any GET for the root of the
# listed Host therefore alerts, so these act as host indicators rather than path indicators.
# Triage on the destination address and on what the client fetched or executed afterwards;
# the URI carries no distinguishing information here.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790670)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"158.94.211.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790670/; classtype:trojan-activity;sid:84653770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790671)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"91.92.241.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790671/; classtype:trojan-activity;sid:84653771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790672)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"158.94.211.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790672/; classtype:trojan-activity;sid:84653772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790673)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"91.92.240.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790673/; classtype:trojan-activity;sid:84653773; rev:1;)
alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790674)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"158.94.208.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790674/; classtype:trojan-activity;sid:84653774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790675)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"178.16.52.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790675/; classtype:trojan-activity;sid:84653775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790665)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"158.94.211.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790665/; classtype:trojan-activity;sid:84653765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.28.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790664/; classtype:trojan-activity;sid:84653764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"173.28.103.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; 
reference:url, urlhaus.abuse.ch/url/3790663/; classtype:trojan-activity;sid:84653763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.31.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790662/; classtype:trojan-activity;sid:84653762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.133.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790661/; classtype:trojan-activity;sid:84653761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.24.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790660/; classtype:trojan-activity;sid:84653760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790658)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"158.94.210.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790658/; classtype:trojan-activity;sid:84653758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790659)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; 
isdataat:!1,relative; nocase; content:"158.94.208.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790659/; classtype:trojan-activity;sid:84653759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790656)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"178.16.52.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790656/; classtype:trojan-activity;sid:84653756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790655)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"158.94.211.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790655/; classtype:trojan-activity;sid:84653755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.195.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790653/; classtype:trojan-activity;sid:84653753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790652)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7309295924/spdwqa6.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790652/; classtype:trojan-activity;sid:84653752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3790651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.183.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790651/; classtype:trojan-activity;sid:84653751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.24.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790650/; classtype:trojan-activity;sid:84653750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.163.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790649/; classtype:trojan-activity;sid:84653749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.206.144.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790648/; classtype:trojan-activity;sid:84653748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.231.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; 
reference:url, urlhaus.abuse.ch/url/3790647/; classtype:trojan-activity;sid:84653747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790646)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8468794285/sbc01fa.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790646/; classtype:trojan-activity;sid:84653746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.183.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790645/; classtype:trojan-activity;sid:84653745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790644)"; flow:established,from_client; content:"GET"; http_method; content:"/final/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790644/; classtype:trojan-activity;sid:84653744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.206.144.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790643/; classtype:trojan-activity;sid:84653743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790642)"; flow:established,from_client; content:"GET"; 
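http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.241.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790642/; classtype:trojan-activity;sid:84653742; rev:1;)
# Each rule in this run alerts on an outbound HTTP GET ($HOME_NET -> $EXTERNAL_NET)
# whose URI and Host header both equal one URLhaus-listed URL: depth equal to the
# pattern length pins the match to the start of the buffer, and
# isdataat:!1,relative requires that nothing follows it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.234.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790641/; classtype:trojan-activity;sid:84653741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790640)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1660459253/w3trdgs.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790640/; classtype:trojan-activity;sid:84653740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790639)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6961337700/4p8ogao.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790639/; classtype:trojan-activity;sid:84653739; rev:1;)
# Review note (sid 84653738): the URI pattern contains |xx| hex escapes, each of
# which is a single byte, so the pattern is 38 bytes long and not the 53
# characters of its escaped spelling. With depth:53 the match could begin up to
# 15 bytes into the URI; depth:38 restores the exact-URI match used by the
# sibling rules.
# NOTE(review): the pattern decodes to a literal pipe, "26", pipe sequence. If
# the listed URL really contains "&&", the pipes were escaped twice, the content
# should read |26||26| and the rule as written would not fire. Confirm against
# the referenced URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790638)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=fhkbgabpdxmglmmf"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"sqddakti.awakepathog.digital"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790638/; classtype:trojan-activity;sid:84653738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.234.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790637/; classtype:trojan-activity;sid:84653737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790636)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"exitroute.dropout.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790636/; classtype:trojan-activity;sid:84653736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790634)"; flow:established,from_client; content:"GET"; http_method; content:"/files/gop/random.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790634/; classtype:trojan-activity;sid:84653734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790635)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6608710704/1r6sqrc.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790635/; classtype:trojan-activity;sid:84653735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790633)"; 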
flow:established,from_client; content:"GET"; http_method; content:"/files/7725193537/jdvan80.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790633/; classtype:trojan-activity;sid:84653733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790632)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5908119101/gkmdy2o.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790632/; classtype:trojan-activity;sid:84653732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790630)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7260582679/yoaxz85.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790630/; classtype:trojan-activity;sid:84653730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790631)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8243287745/p9ulf8e.msi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790631/; classtype:trojan-activity;sid:84653731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790629)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/pkeno2z.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790629/; classtype:trojan-activity;sid:84653729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790627)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5900855435/enle4nm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790627/; classtype:trojan-activity;sid:84653727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790628)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8499672124/b1jnsvy.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790628/; classtype:trojan-activity;sid:84653728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790626)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.28.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790626/; classtype:trojan-activity;sid:84653726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790624)"; flow:established,from_client; content:"GET"; http_method; content:"/test/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790624/; classtype:trojan-activity;sid:84653724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3790625)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7453936223/5gfpjxh.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790625/; classtype:trojan-activity;sid:84653725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790623)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7290860719/otcx1qs.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790623/; classtype:trojan-activity;sid:84653723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790622)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7411337060/zcgm9ky.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790622/; classtype:trojan-activity;sid:84653722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790621)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"m2q9x.dropout.in.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790621/; classtype:trojan-activity;sid:84653721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790620)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6149304756/9mvypgf.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; 
content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790620/; classtype:trojan-activity;sid:84653720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790619)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"piit-tabvector.piittablet.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790619/; classtype:trojan-activity;sid:84653719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.93.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790618/; classtype:trojan-activity;sid:84653718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.127.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790616/; classtype:trojan-activity;sid:84653716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.199.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790617/; classtype:trojan-activity;sid:84653717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3790615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.57.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790615/; classtype:trojan-activity;sid:84653715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.57.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790614/; classtype:trojan-activity;sid:84653714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790613)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dataplate.piittablet.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790613/; classtype:trojan-activity;sid:84653713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.178.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790612/; classtype:trojan-activity;sid:84653712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.99.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, 
urlhaus.abuse.ch/url/3790611/; classtype:trojan-activity;sid:84653711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.15.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790610/; classtype:trojan-activity;sid:84653710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790609)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"t5zw3.piittablet.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790609/; classtype:trojan-activity;sid:84653709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790608)"; flow:established,from_client; content:"GET"; http_method; content:"/f/okytib8lmo0cighpqvz5lmqt3dwy8g1otbprqgf6v0u2obhj"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"esvpotfvg0.ufs.sh"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790608/; classtype:trojan-activity;sid:84653708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790606)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"rantier-loopnode.rantiercling.in.net"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790606/; classtype:trojan-activity;sid:84653706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3790607)"; flow:established,from_client; content:"GET"; http_method; content:"/f/wd5au82s08cwa6rxv8n4ey2hvbsouwgm6xuaewibtc9dnznl"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"zifg62sw71.ufs.sh"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790607/; classtype:trojan-activity;sid:84653707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790605)"; flow:established,from_client; content:"GET"; http_method; content:"/vidar/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"158.94.211.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790605/; classtype:trojan-activity;sid:84653705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790604)"; flow:established,from_client; content:"GET"; http_method; content:"/f/okytib8lmo0cnucumloxd2rvxuo3zhpn7awt5a9vjfbluq4k"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"esvpotfvg0.ufs.sh"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790604/; classtype:trojan-activity;sid:84653704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790603)"; flow:established,from_client; content:"GET"; http_method; content:"/f/okytib8lmo0c3wozntcome9sysidunbdqjnx6cq7zv4plviz"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"esvpotfvg0.ufs.sh"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790603/; classtype:trojan-activity;sid:84653703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790602)"; flow:established,from_client; content:"GET"; http_method; 
content:"/f/okytib8lmo0ckkkwp433kzjrq5anjpuyewihp21zqstdklsf"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"esvpotfvg0.ufs.sh"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790602/; classtype:trojan-activity;sid:84653702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790601)"; flow:established,from_client; content:"GET"; http_method; content:"/f/okytib8lmo0cqk3evdlbzjflcvtk6c3evo0xyw49redmb8xu"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"esvpotfvg0.ufs.sh"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790601/; classtype:trojan-activity;sid:84653701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790600)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"circleforge.rantiercling.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790600/; classtype:trojan-activity;sid:84653700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.229.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790599/; classtype:trojan-activity;sid:84653699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790598)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"r8kqm.rantiercling.in.net"; http_host; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790598/; classtype:trojan-activity;sid:84653698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.86.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790597/; classtype:trojan-activity;sid:84653697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790596)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ochech-lockframe.ochechstop.in.net"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790596/; classtype:trojan-activity;sid:84653696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.150.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790595/; classtype:trojan-activity;sid:84653695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.131.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790594/; classtype:trojan-activity;sid:84653694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790593)"; flow:established,from_client; 
content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"x4qzt.ochechstop.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790593/; classtype:trojan-activity;sid:84653693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.152.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790592/; classtype:trojan-activity;sid:84653692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.190.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790591/; classtype:trojan-activity;sid:84653691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790590)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"proof-anchorgrid.proofsurvivor.in.net"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790590/; classtype:trojan-activity;sid:84653690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790589)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"lifeline.proofsurvivor.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_06; 
reference:url, urlhaus.abuse.ch/url/3790589/; classtype:trojan-activity;sid:84653689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.44.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790588/; classtype:trojan-activity;sid:84653688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790587)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"v9k2p.proofsurvivor.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790587/; classtype:trojan-activity;sid:84653687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.150.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790586/; classtype:trojan-activity;sid:84653686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.163.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790585/; classtype:trojan-activity;sid:84653685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790584)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.131.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790584/; classtype:trojan-activity;sid:84653684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.157.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790582/; classtype:trojan-activity;sid:84653682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.63.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790583/; classtype:trojan-activity;sid:84653683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790581)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"addict-veilcore.addictfear.in.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790581/; classtype:trojan-activity;sid:84653681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.117.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790580/; classtype:trojan-activity;sid:84653680; rev:1;) alert 
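http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790579)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"q7mxr.addictfear.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790579/; classtype:trojan-activity;sid:84653679; rev:1;)
# Each rule in this run alerts on an outbound HTTP GET ($HOME_NET -> $EXTERNAL_NET)
# whose URI and Host header both equal one URLhaus-listed URL: depth equal to the
# pattern length pins the match to the start of the buffer, and
# isdataat:!1,relative requires that nothing follows it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.190.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790578/; classtype:trojan-activity;sid:84653678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.17.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790577/; classtype:trojan-activity;sid:84653677; rev:1;)
# Review note (sid 84653676): the URI pattern contains |xx| hex escapes, each of
# which is a single byte, so the pattern is 38 bytes long and not the 53
# characters of its escaped spelling. With depth:53 the match could begin up to
# 15 bytes into the URI; depth:38 restores the exact-URI match used by the
# sibling rules.
# NOTE(review): the pattern decodes to a literal pipe, "26", pipe sequence. If
# the listed URL really contains "&&", the pipes were escaped twice, the content
# should read |26||26| and the rule as written would not fire. Confirm against
# the referenced URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790576)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=pmmxemmlvojzpeko"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"kvid5obz.awakepathog.digital"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790576/; classtype:trojan-activity;sid:84653676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; 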
isdataat:!1,relative; nocase; content:"115.50.157.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790575/; classtype:trojan-activity;sid:84653675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.89.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790574/; classtype:trojan-activity;sid:84653674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790573)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"amp-winvector.amperewin.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790573/; classtype:trojan-activity;sid:84653673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790572)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"currentflow.amperewin.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790572/; classtype:trojan-activity;sid:84653672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.188.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790571/; classtype:trojan-activity;sid:84653671; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790570)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"y7qz2.amperewin.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790570/; classtype:trojan-activity;sid:84653670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.2.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790569/; classtype:trojan-activity;sid:84653669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.63.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790568/; classtype:trojan-activity;sid:84653668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.89.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790567/; classtype:trojan-activity;sid:84653667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.11.215"; http_host; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790566/; classtype:trojan-activity;sid:84653666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790565)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"scene4-render.fourscene.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790565/; classtype:trojan-activity;sid:84653665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790564)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"visualstage.fourscene.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790564/; classtype:trojan-activity;sid:84653664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.168.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790563/; classtype:trojan-activity;sid:84653663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.121.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790562/; classtype:trojan-activity;sid:84653662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3790561)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"denny-holdgrid.dennyportfol.in.net"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790561/; classtype:trojan-activity;sid:84653661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790560)"; flow:established,from_client; content:"GET"; http_method; content:"/997dfa4c91|3f|force=1"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"46.226.162.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790560/; classtype:trojan-activity;sid:84653660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790558)"; flow:established,from_client; content:"GET"; http_method; content:"/3/abroadeez/vendor.chunk.rlk9qg.js"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"stylemansisforeal.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790558/; classtype:trojan-activity;sid:84653658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790559)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=elxlcennyuhdptpw"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"lsvvpb8t.drinktide.digital"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790559/; classtype:trojan-activity;sid:84653659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790557)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; 
depth:20; isdataat:!1,relative; nocase; content:"w3x9m.dennyportfol.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790557/; classtype:trojan-activity;sid:84653657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.121.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790556/; classtype:trojan-activity;sid:84653656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.33.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790555/; classtype:trojan-activity;sid:84653655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.77.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790554/; classtype:trojan-activity;sid:84653654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.168.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790553/; classtype:trojan-activity;sid:84653653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3790548)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"46.203.233.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790548/; classtype:trojan-activity;sid:84653648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790549)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"46.203.233.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790549/; classtype:trojan-activity;sid:84653649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790550)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"46.203.233.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790550/; classtype:trojan-activity;sid:84653650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790551)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"46.203.233.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790551/; classtype:trojan-activity;sid:84653651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790552)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; 
nocase; content:"46.203.233.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790552/; classtype:trojan-activity;sid:84653652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790540)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"46.203.233.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790540/; classtype:trojan-activity;sid:84653640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790541)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"46.203.233.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790541/; classtype:trojan-activity;sid:84653641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790542)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"46.203.233.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790542/; classtype:trojan-activity;sid:84653642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790543)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"46.203.233.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790543/; classtype:trojan-activity;sid:84653643; rev:1;) 
# Rules are restored to one per line here; the engines read one rule per line, and a rule
# broken across physical lines needs a backslash continuation to load.
#
# Shape shared by every rule in this group:
#   alert http $HOME_NET any -> $EXTERNAL_NET any
#       Outbound requests that the sensor parses as HTTP. A download of the same URL inside
#       TLS is not seen by these rules unless traffic is decrypted upstream of the sensor.
#   flow:established,from_client; content:"GET"; http_method;
#       Client-side GET requests on established flows only.
#   content:"<path>"; http_uri; depth:N; isdataat:!1,relative; nocase;
#       depth bounds where the pattern may sit, and isdataat:!1,relative requires that no byte
#       follows it. When N equals the pattern length the whole URI buffer must equal the
#       pattern (case-insensitively), so a longer path or an added query string does not match.
#   content:"<host>"; http_host; depth:M; isdataat:!1,relative;
#       The same whole-buffer anchoring applied to the Host buffer; no nocase is given here.
#   metadata:created_at / reference:url
#       Listing date and the URLhaus entry to pivot to during triage. In the rules below the
#       sid equals the URLhaus id plus 80863100.
#
# Host 46.203.233.102, directory /00101010101001/: one file per suffix (arm6, arm5, i686, spc)
# plus "debug". The suffixes look like CPU architecture names; a hit on any of these sids is
# worth correlating with the sibling sids for the same client.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790544)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"46.203.233.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790544/; classtype:trojan-activity;sid:84653644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790545)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"46.203.233.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790545/; classtype:trojan-activity;sid:84653645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790546)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"46.203.233.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790546/; classtype:trojan-activity;sid:84653646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790547)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.203.233.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790547/; classtype:trojan-activity;sid:84653647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790539)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"46.203.233.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790539/; classtype:trojan-activity;sid:84653639; rev:1;)
# The /verification.google entries (here and sid 84653633 further down) differ only in the
# subdomain of corvetfordata.in.net. Each rule pins one exact hostname, so a new subdomain of
# the same parent is not covered until it is listed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790538)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"corvetx-stream.corvetfordata.in.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790538/; classtype:trojan-activity;sid:84653638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790537)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"datadrive.corvetfordata.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790537/; classtype:trojan-activity;sid:84653637; rev:1;)
# The /i and /bin.sh entries are keyed on a bare IP address in the Host buffer. Indicators of
# this kind tend to age quickly; created_at gives the listing date for expiry decisions.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.87.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790536/; classtype:trojan-activity;sid:84653636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"166.48.94.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790535/; classtype:trojan-activity;sid:84653635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.153.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790534/; classtype:trojan-activity;sid:84653634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790533)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"z5qtr.corvetfordata.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790533/; classtype:trojan-activity;sid:84653633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.77.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790532/; classtype:trojan-activity;sid:84653632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.216.225.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790531/; classtype:trojan-activity;sid:84653631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.244.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790530/; classtype:trojan-activity;sid:84653630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.244.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790529/; classtype:trojan-activity;sid:84653629; rev:1;)
# NOTE(review): the URI pattern in the next rule is hex-escaped. |3f| is "?" and |7c| is "|",
# so the pattern decodes to 38 bytes (/?=check|26||26|actmn=...), while depth is 53, which is
# the length of the escaped text. isdataat:!1,relative still pins the match to the end of the
# URI, but up to 15 bytes may precede it, so this rule is looser than its neighbours.
# The |26| sequences look like an "&" that was hex-escaped and then had its pipes escaped a
# second time; if so, the rule expects literal pipes where the real request has "&".
# Confirm against the URLhaus entry before relying on this sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790528)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=vtrmqiyitfeuxxiu"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"ygzulpfl.floatmurta.digital"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790528/; classtype:trojan-activity;sid:84653628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.149.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790527/; classtype:trojan-activity;sid:84653627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.153.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790526/; classtype:trojan-activity;sid:84653626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.37.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790525/; classtype:trojan-activity;sid:84653625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790524)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cellculture.sdflkmicrobiol.in.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790524/; classtype:trojan-activity;sid:84653624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790523)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"n4qx7.sdflkmicrobiol.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790523/; classtype:trojan-activity;sid:84653623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.127.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790522/; classtype:trojan-activity;sid:84653622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790521)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; 
isdataat:!1,relative; nocase; content:"birdfract-sky.breaknbird.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790521/; classtype:trojan-activity;sid:84653621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790520)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"wingflight.breaknbird.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790520/; classtype:trojan-activity;sid:84653620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.246.85.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790519/; classtype:trojan-activity;sid:84653619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.47.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790518/; classtype:trojan-activity;sid:84653618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.119.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790517/; classtype:trojan-activity;sid:84653617; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790516)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"t6pzr.breaknbird.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790516/; classtype:trojan-activity;sid:84653616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.252.174.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790515/; classtype:trojan-activity;sid:84653615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.37.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790514/; classtype:trojan-activity;sid:84653614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790513)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"constell-1node.constellupd.in.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790513/; classtype:trojan-activity;sid:84653613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790512)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.141.174"; 
http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790512/; classtype:trojan-activity;sid:84653612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.149.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790511/; classtype:trojan-activity;sid:84653611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790510)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"starvector.constellupd.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790510/; classtype:trojan-activity;sid:84653610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790509)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"q9wm4.constellupd.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790509/; classtype:trojan-activity;sid:84653609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.22.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790508/; classtype:trojan-activity;sid:84653608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3790507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.161.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790507/; classtype:trojan-activity;sid:84653607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.119.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790506/; classtype:trojan-activity;sid:84653606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.22.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790505/; classtype:trojan-activity;sid:84653605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790504)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"coachburn-edge.coachcoal.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790504/; classtype:trojan-activity;sid:84653604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.0.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 
2026_03_06; reference:url, urlhaus.abuse.ch/url/3790503/; classtype:trojan-activity;sid:84653603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.152.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790502/; classtype:trojan-activity;sid:84653602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.202.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790500/; classtype:trojan-activity;sid:84653600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.202.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790501/; classtype:trojan-activity;sid:84653601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790499)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"teamforge.coachcoal.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790499/; classtype:trojan-activity;sid:84653599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790498)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"post-host.screenconnect.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790498/; classtype:trojan-activity;sid:84653598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790494)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/portbet88.apk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"gacorportbet88.space"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790494/; classtype:trojan-activity;sid:84653594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790495)"; flow:established,from_client; content:"GET"; http_method; content:"/lake%20michigan%20cu.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"lmconnectuserappaccesscontrol.online"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790495/; classtype:trojan-activity;sid:84653595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790496)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/portbet88.apk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"gacorportbet88.store"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790496/; classtype:trojan-activity;sid:84653596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790497)"; flow:established,from_client; content:"GET"; http_method; content:"/apk/iapp%e6%89%8b%e5%86%8c_1.0.apk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"ztscym.pages.dev"; http_host; depth:16; 
isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790497/; classtype:trojan-activity;sid:84653597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790493)"; flow:established,from_client; content:"GET"; http_method; content:"/spankki-zi/spankki.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"coloradoskitowns.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790493/; classtype:trojan-activity;sid:84653593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"admin.hggg.store"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790492/; classtype:trojan-activity;sid:84653592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.22.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790491/; classtype:trojan-activity;sid:84653591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790490)"; flow:established,from_client; content:"GET"; http_method; content:"/w1/lib/autoit3.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.190.153.160.host.secureserver.net"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790490/; classtype:trojan-activity;sid:84653590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3790488)"; flow:established,from_client; content:"GET"; http_method; content:"/tul.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.46.217.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790488/; classtype:trojan-activity;sid:84653588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790489)"; flow:established,from_client; content:"GET"; http_method; content:"/v.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.46.217.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790489/; classtype:trojan-activity;sid:84653589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.17.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790487/; classtype:trojan-activity;sid:84653587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.197.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790486/; classtype:trojan-activity;sid:84653586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.226.183.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; 
reference:url, urlhaus.abuse.ch/url/3790485/; classtype:trojan-activity;sid:84653585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.228.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790484/; classtype:trojan-activity;sid:84653584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.75.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790483/; classtype:trojan-activity;sid:84653583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.221.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790482/; classtype:trojan-activity;sid:84653582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790480)"; flow:established,from_client; content:"GET"; http_method; content:"/1479090540531421216/1.png"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"anondrop.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790480/; classtype:trojan-activity;sid:84653580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.0.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790479/; classtype:trojan-activity;sid:84653579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.152.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790478/; classtype:trojan-activity;sid:84653578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790477)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kz7v2.coachcoal.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790477/; classtype:trojan-activity;sid:84653577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.216.225.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790476/; classtype:trojan-activity;sid:84653576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.35.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790475/; classtype:trojan-activity;sid:84653575; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.186.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790474/; classtype:trojan-activity;sid:84653574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.254.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790473/; classtype:trojan-activity;sid:84653573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790472)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"abcgrid-0form.abcdesign.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790472/; classtype:trojan-activity;sid:84653572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.66.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790471/; classtype:trojan-activity;sid:84653571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.197.145"; http_host; depth:15; 
isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790470/; classtype:trojan-activity;sid:84653570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.226.183.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790469/; classtype:trojan-activity;sid:84653569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.75.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790468/; classtype:trojan-activity;sid:84653568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.231.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790467/; classtype:trojan-activity;sid:84653567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790466)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"pixelcraft.abcdesign.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790466/; classtype:trojan-activity;sid:84653566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790465)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.219.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790465/; classtype:trojan-activity;sid:84653565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.152.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790463/; classtype:trojan-activity;sid:84653563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.178.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790464/; classtype:trojan-activity;sid:84653564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.123.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790462/; classtype:trojan-activity;sid:84653562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.214.40.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790461/; 
classtype:trojan-activity;sid:84653561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.53.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790460/; classtype:trojan-activity;sid:84653560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.223.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790459/; classtype:trojan-activity;sid:84653559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.14.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790458/; classtype:trojan-activity;sid:84653558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790457)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"rx8qk.abcdesign.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790457/; classtype:trojan-activity;sid:84653557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790456)"; flow:established,from_client; content:"GET"; http_method; content:"/vxs/mipsel"; http_uri; depth:11; 
isdataat:!1,relative; nocase; content:"109.72.124.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790456/; classtype:trojan-activity;sid:84653556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.123.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790455/; classtype:trojan-activity;sid:84653555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.214.40.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790454/; classtype:trojan-activity;sid:84653554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.177.103.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790453/; classtype:trojan-activity;sid:84653553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.35.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790452/; classtype:trojan-activity;sid:84653552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3790451)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"stre06.aquastream.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790451/; classtype:trojan-activity;sid:84653551; rev:1;)
# Each rule below alerts on an established, client-to-server HTTP GET from
# $HOME_NET to $EXTERNAL_NET whose URI and Host buffers match the listed
# patterns. depth bounds where the pattern may be found and
# isdataat:!1,relative requires that no byte follows the match, so with depth
# equal to the pattern length the rule matches one exact path on one exact host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.33.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790450/; classtype:trojan-activity;sid:84653550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.142.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790449/; classtype:trojan-activity;sid:84653549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.142.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790448/; classtype:trojan-activity;sid:84653548; rev:1;)
# NOTE(review): this URI pattern decodes to
# "/?=check|26||26|actmn=yvibwwnntogwtapp" (38 bytes), i.e. it looks for
# literal pipe characters around "26". That looks like "&" (0x26) was
# hex-escaped and the pipes were then escaped a second time; presumably the
# reported URL contains "&&" -- verify against the referenced URLhaus entry.
# depth:53 is the length of the escaped text rather than of the decoded
# pattern, so the match is also not pinned to the start of the URI. As written
# the rule is unlikely to fire on the URL it was generated for.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790447)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=yvibwwnntogwtapp"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"f7ozu1t9.flogginquisit.digital"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790447/; classtype:trojan-activity;sid:84653547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.171.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790446/; classtype:trojan-activity;sid:84653546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.150.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790445/; classtype:trojan-activity;sid:84653545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.160.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790444/; classtype:trojan-activity;sid:84653544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.156.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790443/; classtype:trojan-activity;sid:84653543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790442)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.186.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790442/; classtype:trojan-activity;sid:84653542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790441/; classtype:trojan-activity;sid:84653541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.80.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790440/; classtype:trojan-activity;sid:84653540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.36.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790439/; classtype:trojan-activity;sid:84653539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.115.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790438/; 
classtype:trojan-activity;sid:84653538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.80.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790437/; classtype:trojan-activity;sid:84653537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.5.188"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790436/; classtype:trojan-activity;sid:84653536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790435)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ip-2422.proline.net.ua"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790435/; classtype:trojan-activity;sid:84653535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ip-2422.proline.net.ua"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790433/; classtype:trojan-activity;sid:84653533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"ip-2422.proline.net.ua"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790434/; classtype:trojan-activity;sid:84653534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790430)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.244.36.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790430/; classtype:trojan-activity;sid:84653530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790431)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"aqua-sync.aquastream.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790431/; classtype:trojan-activity;sid:84653531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790432)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ip-2422.proline.net.ua"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790432/; classtype:trojan-activity;sid:84653532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.33.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790429/; classtype:trojan-activity;sid:84653529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3790428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.33.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790428/; classtype:trojan-activity;sid:84653528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790427/; classtype:trojan-activity;sid:84653527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.115.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790426/; classtype:trojan-activity;sid:84653526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.171.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790425/; classtype:trojan-activity;sid:84653525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.5.188"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 
2026_03_06; reference:url, urlhaus.abuse.ch/url/3790424/; classtype:trojan-activity;sid:84653524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790423)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"stre-v9.aquastream.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790423/; classtype:trojan-activity;sid:84653523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.55.22.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790422/; classtype:trojan-activity;sid:84653522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.55.22.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790421/; classtype:trojan-activity;sid:84653521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.103.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790420/; classtype:trojan-activity;sid:84653520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790419)"; flow:established,from_client; content:"GET"; 
http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.51.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790419/; classtype:trojan-activity;sid:84653519; rev:1;)
# Reading guide for the rules below (one rule per physical line; a rule split across
# lines without a trailing backslash will not parse).
# Every rule has the same shape: an established client-to-server flow from $HOME_NET to
# $EXTERNAL_NET, an HTTP GET, one URI pattern and one Host pattern. Each pattern carries
# depth:<pattern length> followed by isdataat:!1,relative, so the pattern must start at
# the beginning of its buffer and nothing may follow it: the rule fires only when the
# inspected URI and Host buffers equal the listed values. nocase is attached to the URI
# pattern only.
# NOTE(review): because both buffers are matched exactly, each rule covers only the one
# URL reported to URLhaus. The same host serving a different path, or a sibling
# sub-domain of the same parent zone, is not matched; pair this feed with host/IP-level
# blocking or proxy/DNS telemetry where broader coverage is wanted.
# NOTE(review): "alert http" inspects HTTP that the sensor can parse in clear text;
# requests to these hosts over TLS are presumably not seen unless decrypted upstream.
# NOTE(review): several URI patterns are very short ("/i", "/sh"); the Host pattern is
# what makes these rules specific, so alerts should be triaged on the destination and the
# urlhaus.abuse.ch reference rather than on the path alone.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.3.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790417/; classtype:trojan-activity;sid:84653517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.103.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790418/; classtype:trojan-activity;sid:84653518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.61.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790416/; classtype:trojan-activity;sid:84653516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.239.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790415/; classtype:trojan-activity;sid:84653515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.1.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790414/; classtype:trojan-activity;sid:84653514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.237.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790413/; classtype:trojan-activity;sid:84653513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790412)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hydro-run.aquastream.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790412/; classtype:trojan-activity;sid:84653512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.239.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790411/; classtype:trojan-activity;sid:84653511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.1.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790410/; classtype:trojan-activity;sid:84653510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.229.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790409/; classtype:trojan-activity;sid:84653509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790408)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vant05.trailvantage.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790408/; classtype:trojan-activity;sid:84653508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.146.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790407/; classtype:trojan-activity;sid:84653507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.146.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790406/; classtype:trojan-activity;sid:84653506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.0.32"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790405/; classtype:trojan-activity;sid:84653505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.237.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790404/; classtype:trojan-activity;sid:84653504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.166.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790403/; classtype:trojan-activity;sid:84653503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.246.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790402/; classtype:trojan-activity;sid:84653502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.30.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790401/; classtype:trojan-activity;sid:84653501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790400)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"trail-net.trailvantage.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790400/; classtype:trojan-activity;sid:84653500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.254.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790399/; classtype:trojan-activity;sid:84653499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.109.200.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790398/; classtype:trojan-activity;sid:84653498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.30.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790397/; classtype:trojan-activity;sid:84653497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.246.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790396/; classtype:trojan-activity;sid:84653496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.122.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790395/; classtype:trojan-activity;sid:84653495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.150.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790394/; classtype:trojan-activity;sid:84653494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.35.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790393/; classtype:trojan-activity;sid:84653493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.1.45"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790392/; classtype:trojan-activity;sid:84653492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.175.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790391/; classtype:trojan-activity;sid:84653491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.6.168.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790390/; classtype:trojan-activity;sid:84653490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.49.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790387/; classtype:trojan-activity;sid:84653487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.172.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790388/; classtype:trojan-activity;sid:84653488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.136.4.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790389/; classtype:trojan-activity;sid:84653489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.175.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790386/; classtype:trojan-activity;sid:84653486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.1.45"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790385/; classtype:trojan-activity;sid:84653485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.204.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790384/; classtype:trojan-activity;sid:84653484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.49.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790383/; classtype:trojan-activity;sid:84653483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.183.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790382/; classtype:trojan-activity;sid:84653482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.166.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790381/; classtype:trojan-activity;sid:84653481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.92.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790380/; classtype:trojan-activity;sid:84653480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790379)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.166.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790379/; classtype:trojan-activity;sid:84653479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790378)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vant-v8.trailvantage.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790378/; classtype:trojan-activity;sid:84653478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.183.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790377/; classtype:trojan-activity;sid:84653477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.186.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790376/; classtype:trojan-activity;sid:84653476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790375)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.141.58.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790375/; classtype:trojan-activity;sid:84653475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790374)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"logi-base.trailvantage.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790374/; classtype:trojan-activity;sid:84653474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.92.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790373/; classtype:trojan-activity;sid:84653473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790372)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sent03.skysentry.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790372/; classtype:trojan-activity;sid:84653472; rev:1;)
# The next five rules share Host 31.57.216.121 and differ only in the URI
# (/aarch64, /i686, /arm7, /x86_64, /clean). A further rule for the same host (/sh) appears
# later in this run. NOTE(review): the path names look like per-architecture builds;
# confirm against the URLhaus reference before relying on that reading.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790371)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.57.216.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790371/; classtype:trojan-activity;sid:84653471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790368)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.216.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790368/; classtype:trojan-activity;sid:84653468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790369)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.57.216.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790369/; classtype:trojan-activity;sid:84653469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790370)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.57.216.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790370/; classtype:trojan-activity;sid:84653470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790367)"; flow:established,from_client; content:"GET"; http_method; content:"/clean"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.57.216.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790367/; classtype:trojan-activity;sid:84653467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.254.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790366/; classtype:trojan-activity;sid:84653466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.177.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790365/; classtype:trojan-activity;sid:84653465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790364)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sky-gate.skysentry.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790364/; classtype:trojan-activity;sid:84653464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.52.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790363/; classtype:trojan-activity;sid:84653463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790362/; classtype:trojan-activity;sid:84653462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.235.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790361/; classtype:trojan-activity;sid:84653461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790360)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sent-v7.skysentry.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790360/; classtype:trojan-activity;sid:84653460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.2.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790359/; classtype:trojan-activity;sid:84653459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.237.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790358/; classtype:trojan-activity;sid:84653458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790357)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"aero-hub.skysentry.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790357/; classtype:trojan-activity;sid:84653457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.161.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790356/; classtype:trojan-activity;sid:84653456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.52.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790355/; classtype:trojan-activity;sid:84653455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.2.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790354/; classtype:trojan-activity;sid:84653454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790353)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.208.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790353/; classtype:trojan-activity;sid:84653453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790352)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"link08.organiclink.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790352/; classtype:trojan-activity;sid:84653452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790350)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"orga-sync.organiclink.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790350/; classtype:trojan-activity;sid:84653450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.104.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790351/; classtype:trojan-activity;sid:84653451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790349)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.235.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790349/; classtype:trojan-activity;sid:84653449; rev:1;)
# From here to the end of this run the rules carry metadata created_at 2026_03_05.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.208.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790348/; classtype:trojan-activity;sid:84653448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790347)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"link-v6.organiclink.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790347/; classtype:trojan-activity;sid:84653447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.64.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790346/; classtype:trojan-activity;sid:84653446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790345)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"bio-trace.organiclink.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790345/; classtype:trojan-activity;sid:84653445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.32.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790344/; classtype:trojan-activity;sid:84653444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.152.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790343/; classtype:trojan-activity;sid:84653443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.68.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790342/; classtype:trojan-activity;sid:84653442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790341)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"pulse02.metropulse.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790341/; classtype:trojan-activity;sid:84653441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790340/; classtype:trojan-activity;sid:84653440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.177.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790339/; classtype:trojan-activity;sid:84653439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.64.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790338/; classtype:trojan-activity;sid:84653438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790337)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"metro-net.metropulse.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790337/; classtype:trojan-activity;sid:84653437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.62.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790336/; classtype:trojan-activity;sid:84653436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790335)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"pulse-v5.metropulse.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790335/; classtype:trojan-activity;sid:84653435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.81.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790334/; classtype:trojan-activity;sid:84653434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.152.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790333/; classtype:trojan-activity;sid:84653433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.241.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790332/; classtype:trojan-activity;sid:84653432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790331)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"urban-sys.metropulse.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790331/; classtype:trojan-activity;sid:84653431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790330)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.57.216.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790330/; classtype:trojan-activity;sid:84653430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790329/; classtype:trojan-activity;sid:84653429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.241.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790328/; classtype:trojan-activity;sid:84653428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790327)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"nest09.cryptonest.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790327/; classtype:trojan-activity;sid:84653427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.210.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790326/; classtype:trojan-activity;sid:84653426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.5.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790325/; classtype:trojan-activity;sid:84653425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790324)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cryp-sync.cryptonest.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790324/; classtype:trojan-activity;sid:84653424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.68.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790323/; classtype:trojan-activity;sid:84653423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790322)"; 
flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"nest-v4.cryptonest.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790322/; classtype:trojan-activity;sid:84653422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790321/; classtype:trojan-activity;sid:84653421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.1.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790320/; classtype:trojan-activity;sid:84653420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.195.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790319/; classtype:trojan-activity;sid:84653419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.147.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, 
urlhaus.abuse.ch/url/3790318/; classtype:trojan-activity;sid:84653418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790317)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"data-vault.cryptonest.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790317/; classtype:trojan-activity;sid:84653417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.122.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790316/; classtype:trojan-activity;sid:84653416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.163.91.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790315/; classtype:trojan-activity;sid:84653415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790314)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"brid01.fluxbridge.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790314/; classtype:trojan-activity;sid:84653414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790312)"; flow:established,from_client; content:"GET"; 
http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.197.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790312/; classtype:trojan-activity;sid:84653412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.78.237.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790313/; classtype:trojan-activity;sid:84653413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.65.123.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790311/; classtype:trojan-activity;sid:84653411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.65.123.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790310/; classtype:trojan-activity;sid:84653410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790309)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"flux-net.fluxbridge.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790309/; classtype:trojan-activity;sid:84653409; rev:1;) 
# Triage notes for the rules below (all carry metadata created_at 2026_03_05):
# - Scope: "alert http" with flow:established,from_client and $HOME_NET -> $EXTERNAL_NET,
#   so a hit means a host in $HOME_NET sent the GET; it does not show that a payload
#   was returned or run. Confirm with the response, proxy or endpoint telemetry.
# - Blind spot: only requests the sensor parses as HTTP are inspected; the same URL
#   fetched over TLS is not covered unless traffic is decrypted before the sensor.
# - As written the action is "alert": these entries detect, they do not block.
# - Several hosts appear in more than one rule (e.g. 110.39.235.170 with /i and
#   /bin.sh), so group alerts by destination host when counting affected clients.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790308)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.24.210.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790308/; classtype:trojan-activity;sid:84653408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790307)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"brid-v3.fluxbridge.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790307/; classtype:trojan-activity;sid:84653407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.122.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790306/; classtype:trojan-activity;sid:84653406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790305)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"flow-core.fluxbridge.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790305/; classtype:trojan-activity;sid:84653405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.47.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790304/; classtype:trojan-activity;sid:84653404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.197.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790303/; classtype:trojan-activity;sid:84653403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790302)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"matr07.fieldmatrix.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790302/; classtype:trojan-activity;sid:84653402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.40.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790301/; classtype:trojan-activity;sid:84653401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790300)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"field-sync.fieldmatrix.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790300/; classtype:trojan-activity;sid:84653400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.72.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790299/; classtype:trojan-activity;sid:84653399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.235.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790298/; classtype:trojan-activity;sid:84653398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790297)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"matr-v2.fieldmatrix.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790297/; classtype:trojan-activity;sid:84653397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.235.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790296/; classtype:trojan-activity;sid:84653396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790295)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"agro-unit.fieldmatrix.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790295/; classtype:trojan-activity;sid:84653395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.40.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790294/; classtype:trojan-activity;sid:84653394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.14.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790293/; classtype:trojan-activity;sid:84653393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790292)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"view04.tectoniview.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790292/; classtype:trojan-activity;sid:84653392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.14.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790291/; classtype:trojan-activity;sid:84653391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790290)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tecto-sync.tectoniview.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790290/; classtype:trojan-activity;sid:84653390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790289)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"view-v1.tectoniview.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790289/; classtype:trojan-activity;sid:84653389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.228.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790288/; classtype:trojan-activity;sid:84653388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.229.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790287/; classtype:trojan-activity;sid:84653387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.209.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790286/; classtype:trojan-activity;sid:84653386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.161.100.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790285/; classtype:trojan-activity;sid:84653385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.228.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790284/; classtype:trojan-activity;sid:84653384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790283)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cyber-node.tectoniview.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790283/; classtype:trojan-activity;sid:84653383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790282)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"lose06.amperelose.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790282/; classtype:trojan-activity;sid:84653382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.5.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790281/; classtype:trojan-activity;sid:84653381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790280)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"amp-v1.amperelose.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790280/; classtype:trojan-activity;sid:84653380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.18.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790279/; classtype:trojan-activity;sid:84653379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790278)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"volt-sync.amperelose.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790278/; classtype:trojan-activity;sid:84653378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.1.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790277/; classtype:trojan-activity;sid:84653377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790276)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"amp-lose.amperelose.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790276/; classtype:trojan-activity;sid:84653376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790275)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kero01.avonkerosene.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790275/; classtype:trojan-activity;sid:84653375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790274)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"avon-v9.avonkerosene.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790274/; classtype:trojan-activity;sid:84653374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.88.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790273/; classtype:trojan-activity;sid:84653373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790272)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kero-net.avonkerosene.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790272/; classtype:trojan-activity;sid:84653372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790271)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"avon-core.avonkerosene.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790271/; classtype:trojan-activity;sid:84653371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790270)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"maku07.makuhaportfol.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790270/; classtype:trojan-activity;sid:84653370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790269)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"port-v8.makuhaportfol.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790269/; classtype:trojan-activity;sid:84653369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790268)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"maku-base.makuhaportfol.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790268/; classtype:trojan-activity;sid:84653368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.84.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790267/; classtype:trojan-activity;sid:84653367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.125.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790266/; classtype:trojan-activity;sid:84653366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790265)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"port-fol.makuhaportfol.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790265/; classtype:trojan-activity;sid:84653365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.84.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790264/; classtype:trojan-activity;sid:84653364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.61.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790263/; classtype:trojan-activity;sid:84653363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.61.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790262/; classtype:trojan-activity;sid:84653362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790261)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"synch03.corvetsynchron.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790261/; classtype:trojan-activity;sid:84653361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.181.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790260/; classtype:trojan-activity;sid:84653360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.10.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790259/; classtype:trojan-activity;sid:84653359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.125.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790258/; classtype:trojan-activity;sid:84653358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790257)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"corvet-v7.corvetsynchron.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790257/; classtype:trojan-activity;sid:84653357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.104.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790256/; classtype:trojan-activity;sid:84653356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.61.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790255/; classtype:trojan-activity;sid:84653355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790254)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"synch-node.corvetsynchron.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790254/; classtype:trojan-activity;sid:84653354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.203.134.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790253/; classtype:trojan-activity;sid:84653353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790252)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"corvet-sync.corvetsynchron.in.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790252/; classtype:trojan-activity;sid:84653352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.157.196.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790251/; classtype:trojan-activity;sid:84653351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.181.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790250/; classtype:trojan-activity;sid:84653350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790249)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"big02.bigamyprogramm.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790249/; classtype:trojan-activity;sid:84653349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.129.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790248/; classtype:trojan-activity;sid:84653348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790247)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"prog-v6.bigamyprogramm.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790247/; classtype:trojan-activity;sid:84653347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790246)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sys-node.bigamyprogramm.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790246/; classtype:trojan-activity;sid:84653346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3790245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.101.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790245/; classtype:trojan-activity;sid:84653345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.166.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790244/; classtype:trojan-activity;sid:84653344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790243)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"big-prog.bigamyprogramm.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790243/; classtype:trojan-activity;sid:84653343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790242)"; flow:established,from_client; content:"GET"; http_method; content:"/release/arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.13.238.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790242/; classtype:trojan-activity;sid:84653342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790239)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"130.12.180.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, 
urlhaus.abuse.ch/url/3790239/; classtype:trojan-activity;sid:84653339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790240)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"130.12.180.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790240/; classtype:trojan-activity;sid:84653340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790241)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"130.12.180.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790241/; classtype:trojan-activity;sid:84653341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790237)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"130.12.180.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790237/; classtype:trojan-activity;sid:84653337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790238)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"130.12.180.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790238/; classtype:trojan-activity;sid:84653338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790234)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; 
depth:10; isdataat:!1,relative; nocase; content:"45.141.58.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790234/; classtype:trojan-activity;sid:84653334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790235)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"130.12.180.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790235/; classtype:trojan-activity;sid:84653335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790236)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"130.12.180.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790236/; classtype:trojan-activity;sid:84653336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790230)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"130.12.180.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790230/; classtype:trojan-activity;sid:84653330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790231)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"130.12.180.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790231/; classtype:trojan-activity;sid:84653331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3790232)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"130.12.180.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790232/; classtype:trojan-activity;sid:84653332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790233)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"130.12.180.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790233/; classtype:trojan-activity;sid:84653333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790229)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hryv08.hryvmicrobiol.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790229/; classtype:trojan-activity;sid:84653329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.129.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790228/; classtype:trojan-activity;sid:84653328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.124.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2026_03_05; reference:url, urlhaus.abuse.ch/url/3790227/; classtype:trojan-activity;sid:84653327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790226)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"micro-v5.hryvmicrobiol.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790226/; classtype:trojan-activity;sid:84653326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.124.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790225/; classtype:trojan-activity;sid:84653325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790224)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hryv-node.hryvmicrobiol.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790224/; classtype:trojan-activity;sid:84653324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790223)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"micro-bio.hryvmicrobiol.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790223/; classtype:trojan-activity;sid:84653323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3790222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.199.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790222/; classtype:trojan-activity;sid:84653322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790221)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"skird05.breakskird.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790221/; classtype:trojan-activity;sid:84653321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790220)"; flow:established,from_client; content:"GET"; http_method; content:"/blof"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.211.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790220/; classtype:trojan-activity;sid:84653320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.176.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790219/; classtype:trojan-activity;sid:84653319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790218)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"break-v4.breakskird.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 
2026_03_05; reference:url, urlhaus.abuse.ch/url/3790218/; classtype:trojan-activity;sid:84653318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790217)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"skird-net.breakskird.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790217/; classtype:trojan-activity;sid:84653317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.199.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790216/; classtype:trojan-activity;sid:84653316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790215)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"break-unit.breakskird.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790215/; classtype:trojan-activity;sid:84653315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.181.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790214/; classtype:trojan-activity;sid:84653314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790213)"; 
flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"trav01.constelluntrav.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790213/; classtype:trojan-activity;sid:84653313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790212)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"const-v3.constelluntrav.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790212/; classtype:trojan-activity;sid:84653312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.91.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790211/; classtype:trojan-activity;sid:84653311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790210)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"trav-base.constelluntrav.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790210/; classtype:trojan-activity;sid:84653310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790209)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.20"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790209/; classtype:trojan-activity;sid:84653309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790208)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"const-gate.constelluntrav.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790208/; classtype:trojan-activity;sid:84653308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790207)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790207/; classtype:trojan-activity;sid:84653307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790200)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790200/; classtype:trojan-activity;sid:84653300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790201)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790201/; classtype:trojan-activity;sid:84653301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790202)"; 
flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.139.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790202/; classtype:trojan-activity;sid:84653302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790203)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790203/; classtype:trojan-activity;sid:84653303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790204)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790204/; classtype:trojan-activity;sid:84653304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790205)"; flow:established,from_client; content:"GET"; http_method; content:"/mips64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790205/; classtype:trojan-activity;sid:84653305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790198)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790198/; 
classtype:trojan-activity;sid:84653298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790199)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790199/; classtype:trojan-activity;sid:84653299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790191)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790191/; classtype:trojan-activity;sid:84653291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790192)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790192/; classtype:trojan-activity;sid:84653292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790193)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790193/; classtype:trojan-activity;sid:84653293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790194)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"176.65.139.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790194/; classtype:trojan-activity;sid:84653294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790195)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790195/; classtype:trojan-activity;sid:84653295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790196)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790196/; classtype:trojan-activity;sid:84653296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790197)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790197/; classtype:trojan-activity;sid:84653297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.181.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790190/; classtype:trojan-activity;sid:84653290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3790189)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"soup09.coachsoup.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790189/; classtype:trojan-activity;sid:84653289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.207.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790188/; classtype:trojan-activity;sid:84653288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.17.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790187/; classtype:trojan-activity;sid:84653287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790186)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"coach-v2.coachsoup.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790186/; classtype:trojan-activity;sid:84653286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.17.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; 
reference:url, urlhaus.abuse.ch/url/3790185/; classtype:trojan-activity;sid:84653285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790184)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"soup-node.coachsoup.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790184/; classtype:trojan-activity;sid:84653284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.53.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790182/; classtype:trojan-activity;sid:84653282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.207.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790183/; classtype:trojan-activity;sid:84653283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.73.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790181/; classtype:trojan-activity;sid:84653281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790180)"; flow:established,from_client; content:"GET"; http_method; 
content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"coach-sync.coachsoup.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790180/; classtype:trojan-activity;sid:84653280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790179)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"com04.commundesign.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790179/; classtype:trojan-activity;sid:84653279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790178)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"design-v1.commundesign.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790178/; classtype:trojan-activity;sid:84653278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790176)"; flow:established,from_client; content:"GET"; http_method; content:"/m4ng0d33w1771nnmnlove/mmaarriioisectanee.mips"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"70.36.97.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790176/; classtype:trojan-activity;sid:84653276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790177)"; flow:established,from_client; content:"GET"; http_method; content:"/m4ng0d33w1771nnmnlove/mmaarriioisectanee.arm"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"70.36.97.24"; http_host; depth:11; 
isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790177/; classtype:trojan-activity;sid:84653277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790171)"; flow:established,from_client; content:"GET"; http_method; content:"/m4ng0d33w1771nnmnlove/mmaarriioisectanee.i686"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"70.36.97.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790171/; classtype:trojan-activity;sid:84653271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790172)"; flow:established,from_client; content:"GET"; http_method; content:"/m4ng0d33w1771nnmnlove/mmaarriioisectanee.arm6"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"70.36.97.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790172/; classtype:trojan-activity;sid:84653272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790173)"; flow:established,from_client; content:"GET"; http_method; content:"/m4ng0d33w1771nnmnlove/mmaarriioisectanee.m68k"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"70.36.97.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790173/; classtype:trojan-activity;sid:84653273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790174)"; flow:established,from_client; content:"GET"; http_method; content:"/m4ng0d33w1771nnmnlove/mmaarriioisectanee.ppc"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"70.36.97.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790174/; 
classtype:trojan-activity;sid:84653274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790175)"; flow:established,from_client; content:"GET"; http_method; content:"/m4ng0d33w1771nnmnlove/mmaarriioisectanee.arm7"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"70.36.97.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790175/; classtype:trojan-activity;sid:84653275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790163)"; flow:established,from_client; content:"GET"; http_method; content:"/m4ng0d33w1771nnmnlove/mmaarriioisectanee.sh4"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"70.36.97.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790163/; classtype:trojan-activity;sid:84653263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790164)"; flow:established,from_client; content:"GET"; http_method; content:"/m4ng0d33w1771nnmnlove/mmaarriioisectanee.arc"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"70.36.97.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790164/; classtype:trojan-activity;sid:84653264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790165)"; flow:established,from_client; content:"GET"; http_method; content:"/m4ng0d33w1771nnmnlove/mmaarriioisectanee.arm5"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"70.36.97.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790165/; classtype:trojan-activity;sid:84653265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3790166)"; flow:established,from_client; content:"GET"; http_method; content:"/m4ng0d33w1771nnmnlove/mmaarriioisectanee.spc"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"70.36.97.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790166/; classtype:trojan-activity;sid:84653266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790167)"; flow:established,from_client; content:"GET"; http_method; content:"/m4ng0d33w1771nnmnlove/mmaarriioisectanee.i486"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"70.36.97.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790167/; classtype:trojan-activity;sid:84653267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790168)"; flow:established,from_client; content:"GET"; http_method; content:"/m4ng0d33w1771nnmnlove/mmaarriioisectanee.x86_64"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"70.36.97.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790168/; classtype:trojan-activity;sid:84653268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790169)"; flow:established,from_client; content:"GET"; http_method; content:"/m4ng0d33w1771nnmnlove/mmaarriioisectanee.mpsl"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"70.36.97.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790169/; classtype:trojan-activity;sid:84653269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790170)"; flow:established,from_client; content:"GET"; http_method; 
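content:"/m4ng0d33w1771nnmnlove/mmaarriioisectanee.x86"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"70.36.97.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790170/; classtype:trojan-activity;sid:84653270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.183.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790162/; classtype:trojan-activity;sid:84653262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790161)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8499672124/b1jnsvy.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"130.12.180.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790161/; classtype:trojan-activity;sid:84653261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790160)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cccleaner.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"celi-rom.ro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790160/; classtype:trojan-activity;sid:84653260; rev:1;)
# NOTE(review): the generated pattern encoded '&' as |7c|26|7c|, which matches the four literal
# bytes "|26|" rather than '&' (0x26), so a request for uc?id=...&export=download never matched.
# The pattern below uses |26|, and depth is the decoded pattern length (56) instead of the
# escaped string length (68). Assumes the listed URL used a plain '&' - confirm against the
# URLhaus reference. drive.google.com is normally reached over HTTPS, so this http rule only
# sees the request where TLS is decrypted ahead of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790158)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1pyyqrpumh0ytpg-vqvmnzkuo9i8-rz7l|26|export=download"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790158/; classtype:trojan-activity;sid:84653258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790159)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"net-hub.commundesign.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790159/; classtype:trojan-activity;sid:84653259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.73.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790157/; classtype:trojan-activity;sid:84653257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790156)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"com-design.commundesign.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790156/; classtype:trojan-activity;sid:84653256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790155)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7311893838/0fm7hns.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"130.12.180.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790155/; classtype:trojan-activity;sid:84653255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 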
(3790154)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mimi-knotline.mimisttie.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790154/; classtype:trojan-activity;sid:84653254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790153)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tinythread.mimisttie.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790153/; classtype:trojan-activity;sid:84653253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.183.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790152/; classtype:trojan-activity;sid:84653252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790151)"; flow:established,from_client; content:"GET"; http_method; content:"/taffy/esta/eleonore/malissia/elle/annadiana/kania/wrennie/fern|3f|fiona=adrianna"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"blankeyeo.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790151/; classtype:trojan-activity;sid:84653251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790150)"; flow:established,from_client; content:"GET"; http_method; content:"/eugenia/eddy/gaylene/marji/sile/christean/carmon|3f|crista=kristine_rp"; 
http_uri; depth:71; isdataat:!1,relative; nocase; content:"un1rw11q4u.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790150/; classtype:trojan-activity;sid:84653250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790149)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"zk8q4.mimisttie.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790149/; classtype:trojan-activity;sid:84653249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.23.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790148/; classtype:trojan-activity;sid:84653248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790147)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"geo-p1levector.geodesistpile.in.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790147/; classtype:trojan-activity;sid:84653247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.210.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790146/; 
classtype:trojan-activity;sid:84653246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790145)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"surveyrock.geodesistpile.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790145/; classtype:trojan-activity;sid:84653245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790144)"; flow:established,from_client; content:"GET"; http_method; content:"/hinda/arabelle/mirabella/dinah/staci|3f|theresa=benni_rp"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"blankeyeo.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790144/; classtype:trojan-activity;sid:84653244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790143)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7362035837/ftwxqsw.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"130.12.180.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790143/; classtype:trojan-activity;sid:84653243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.157.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790142/; classtype:trojan-activity;sid:84653242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790141)"; flow:established,from_client; 
content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"q7wz3.geodesistpile.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790141/; classtype:trojan-activity;sid:84653241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.226.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790140/; classtype:trojan-activity;sid:84653240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790139)"; flow:established,from_client; content:"GET"; http_method; content:"/bro/gold1"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.83.140.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790139/; classtype:trojan-activity;sid:84653239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790138)"; flow:established,from_client; content:"GET"; http_method; content:"/emaabmj/emaabmj.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"fil.ydns.eu"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790138/; classtype:trojan-activity;sid:84653238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790137)"; flow:established,from_client; content:"GET"; http_method; content:"/qqgsylx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tenyunat-99viplawt.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, 
urlhaus.abuse.ch/url/3790137/; classtype:trojan-activity;sid:84653237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790136)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"engrave-vel0ur.engravevelvet.in.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790136/; classtype:trojan-activity;sid:84653236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790135)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"softcarve.engravevelvet.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790135/; classtype:trojan-activity;sid:84653235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.210.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790134/; classtype:trojan-activity;sid:84653234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790133)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"y6xq9.engravevelvet.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790133/; classtype:trojan-activity;sid:84653233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790132)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.23.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790132/; classtype:trojan-activity;sid:84653232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.157.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790131/; classtype:trojan-activity;sid:84653231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790130)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"esaul-frostline.esaulsnow.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790130/; classtype:trojan-activity;sid:84653230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790129)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"90.231.188.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790129/; classtype:trojan-activity;sid:84653229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790128)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"wintertrail.esaulsnow.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_05; 
reference:url, urlhaus.abuse.ch/url/3790128/; classtype:trojan-activity;sid:84653228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.213.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790127/; classtype:trojan-activity;sid:84653227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.213.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790126/; classtype:trojan-activity;sid:84653226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.226.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790125/; classtype:trojan-activity;sid:84653225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.28.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790124/; classtype:trojan-activity;sid:84653224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790123)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; 
http_uri; depth:20; isdataat:!1,relative; nocase; content:"v8q2r.esaulsnow.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790123/; classtype:trojan-activity;sid:84653223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790122)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"infant-woodgrid.infantwoodman.in.net"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790122/; classtype:trojan-activity;sid:84653222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790121)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.137.245.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790121/; classtype:trojan-activity;sid:84653221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790120)"; flow:established,from_client; content:"GET"; http_method; content:"/3"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790120/; classtype:trojan-activity;sid:84653220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790119)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"youngtimber.infantwoodman.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790119/; 
classtype:trojan-activity;sid:84653219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790118)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"xk39q.infantwoodman.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790118/; classtype:trojan-activity;sid:84653218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790117)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790117/; classtype:trojan-activity;sid:84653217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790116)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790116/; classtype:trojan-activity;sid:84653216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790114)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"s8.vizja.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790114/; classtype:trojan-activity;sid:84653214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790115)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; 
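http_uri; depth:10; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790115/; classtype:trojan-activity;sid:84653215; rev:1;)
# NOTE(review): the generated pattern encoded each '&' as |7c|26|7c|, which matches the literal
# bytes "|26|" rather than '&' (0x26), so the rule could not match a query string of the form
# ?=check&&actmn=... The pattern below uses |26 26|, and depth is the decoded pattern length (32)
# instead of the escaped string length (53). Assumes the listed URL used plain '&' characters -
# confirm against the URLhaus reference.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790113)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|26 26|actmn=vivmuieotstesoaq"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"4enjfmcl.wallnapalm.digital"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790113/; classtype:trojan-activity;sid:84653213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790106)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"s8.vizja.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790106/; classtype:trojan-activity;sid:84653206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790107)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"s8.vizja.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790107/; classtype:trojan-activity;sid:84653207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790108)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790108/; 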
classtype:trojan-activity;sid:84653208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790109)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.coolcams.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790109/; classtype:trojan-activity;sid:84653209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790110)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790110/; classtype:trojan-activity;sid:84653210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790111)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790111/; classtype:trojan-activity;sid:84653211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790112)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790112/; classtype:trojan-activity;sid:84653212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790105)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; 
http_uri; depth:10; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790105/; classtype:trojan-activity;sid:84653205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790098)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790098/; classtype:trojan-activity;sid:84653198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790099)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790099/; classtype:trojan-activity;sid:84653199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790100)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790100/; classtype:trojan-activity;sid:84653200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790101)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790101/; classtype:trojan-activity;sid:84653201; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790102)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790102/; classtype:trojan-activity;sid:84653202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790103)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790103/; classtype:trojan-activity;sid:84653203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790104)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.coolcams.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790104/; classtype:trojan-activity;sid:84653204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.228.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790097/; classtype:trojan-activity;sid:84653197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"125.42.233.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790095/; classtype:trojan-activity;sid:84653195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.194.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790096/; classtype:trojan-activity;sid:84653196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790094)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sabbathforge.magnesshabas.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790094/; classtype:trojan-activity;sid:84653194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790093)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"magnes-core.magnesshabas.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790093/; classtype:trojan-activity;sid:84653193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790076)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.r34fa352.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790076/; classtype:trojan-activity;sid:84653176; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790077)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790077/; classtype:trojan-activity;sid:84653177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790078)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.r34fa352.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790078/; classtype:trojan-activity;sid:84653178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790079)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.coolcams.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790079/; classtype:trojan-activity;sid:84653179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790080)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.coolcams.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790080/; classtype:trojan-activity;sid:84653180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790081)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; 
content:"s8.vizja.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790081/; classtype:trojan-activity;sid:84653181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790082)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.r34fa352.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790082/; classtype:trojan-activity;sid:84653182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790083)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"s8.vizja.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790083/; classtype:trojan-activity;sid:84653183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790084)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790084/; classtype:trojan-activity;sid:84653184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790085)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"s8.vizja.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790085/; classtype:trojan-activity;sid:84653185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3790086)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"s8.vizja.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790086/; classtype:trojan-activity;sid:84653186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790087)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790087/; classtype:trojan-activity;sid:84653187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790088)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.r34fa352.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790088/; classtype:trojan-activity;sid:84653188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790089)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790089/; classtype:trojan-activity;sid:84653189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790090)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; 
metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790090/; classtype:trojan-activity;sid:84653190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790091)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"s8.vizja.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790091/; classtype:trojan-activity;sid:84653191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790092)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790092/; classtype:trojan-activity;sid:84653192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790074)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.coolcams.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790074/; classtype:trojan-activity;sid:84653174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790075)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"s8.vizja.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790075/; classtype:trojan-activity;sid:84653175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790066)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.r34fa352.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790066/; classtype:trojan-activity;sid:84653166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790067)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.r34fa352.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790067/; classtype:trojan-activity;sid:84653167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790068)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.r34fa352.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790068/; classtype:trojan-activity;sid:84653168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790069)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"s8.vizja.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790069/; classtype:trojan-activity;sid:84653169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790070)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.coolcams.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; 
reference:url, urlhaus.abuse.ch/url/3790070/; classtype:trojan-activity;sid:84653170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790071)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.coolcams.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790071/; classtype:trojan-activity;sid:84653171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790072)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.r34fa352.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790072/; classtype:trojan-activity;sid:84653172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790073)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.coolcams.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790073/; classtype:trojan-activity;sid:84653173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790056)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.r34fa352.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790056/; classtype:trojan-activity;sid:84653156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790057)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"s8.vizja.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790057/; classtype:trojan-activity;sid:84653157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790058)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.coolcams.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790058/; classtype:trojan-activity;sid:84653158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790059)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.coolcams.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790059/; classtype:trojan-activity;sid:84653159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790060)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.coolcams.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790060/; classtype:trojan-activity;sid:84653160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790061)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.r34fa352.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 
2026_03_05; reference:url, urlhaus.abuse.ch/url/3790061/; classtype:trojan-activity;sid:84653161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790062)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.r34fa352.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790062/; classtype:trojan-activity;sid:84653162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790063)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790063/; classtype:trojan-activity;sid:84653163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790064)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.r34fa352.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790064/; classtype:trojan-activity;sid:84653164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790065)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.coolcams.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790065/; classtype:trojan-activity;sid:84653165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790055)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790055/; classtype:trojan-activity;sid:84653155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790052)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"s8.vizja.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790052/; classtype:trojan-activity;sid:84653152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790053)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790053/; classtype:trojan-activity;sid:84653153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790054)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790054/; classtype:trojan-activity;sid:84653154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790051)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"130.12.180.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, 
urlhaus.abuse.ch/url/3790051/; classtype:trojan-activity;sid:84653151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.237.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790050/; classtype:trojan-activity;sid:84653150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790049)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.12.180.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790049/; classtype:trojan-activity;sid:84653149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790047)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"130.12.180.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790047/; classtype:trojan-activity;sid:84653147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790048)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"130.12.180.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790048/; classtype:trojan-activity;sid:84653148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790046)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; 
depth:9; isdataat:!1,relative; nocase; content:"130.12.180.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790046/; classtype:trojan-activity;sid:84653146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.209.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790045/; classtype:trojan-activity;sid:84653145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.174.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790044/; classtype:trojan-activity;sid:84653144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.194.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790043/; classtype:trojan-activity;sid:84653143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790042)"; flow:established,from_client; content:"GET"; http_method; content:"/gaiih/rmisvws3pt5rpe1y.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"temp.sh"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790042/; classtype:trojan-activity;sid:84653142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3790041)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"neronpidaras.it.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790041/; classtype:trojan-activity;sid:84653141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790040)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.neronpidaras.it.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790040/; classtype:trojan-activity;sid:84653140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790037)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"2.56.10.144"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790037/; classtype:trojan-activity;sid:84653137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790038)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.neronpidaras.it.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790038/; classtype:trojan-activity;sid:84653138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790039)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.neronpidaras.it.com"; http_host; depth:23; 
isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790039/; classtype:trojan-activity;sid:84653139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790035)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"neronpidaras.it.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790035/; classtype:trojan-activity;sid:84653135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790036)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.neronpidaras.it.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790036/; classtype:trojan-activity;sid:84653136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790033)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"neronpidaras.it.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790033/; classtype:trojan-activity;sid:84653133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790034)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.neronpidaras.it.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790034/; classtype:trojan-activity;sid:84653134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3790032)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"neronpidaras.it.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790032/; classtype:trojan-activity;sid:84653132; rev:1;)
# Reading the rules in this section (they all follow one template):
#   - "alert http" with the http_method / http_uri / http_host buffers: only HTTP that the
#     sensor can parse is inspected; the same URL fetched over TLS is not seen by these
#     rules unless it is decrypted upstream.
#   - URI: depth is set to the length of the content string and isdataat:!1,relative
#     requires that no byte follows the match, so the request URI has to be exactly the
#     listed path (nocase trails isdataat; it presumably modifies that URI content -
#     confirm on your engine).
#   - Host: same depth + isdataat construction, so the Host value has to be exactly the
#     listed name or IP literal; a sibling subdomain needs its own rule.
#   - In the rules shown here sid = URLhaus id + 80863100; the id is also repeated in msg
#     and reference:url, which is the quickest pivot during triage.
#   - metadata:created_at is the only age signal in a rule. IP-literal hosts in particular
#     can change hands, so expire entries on a schedule instead of keeping them forever.
#
# neronpidaras.it.com / www.neronpidaras.it.com: one rule per /main_<arch> file name and per
# host spelling, because the host match is exact.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790031)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.neronpidaras.it.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790031/; classtype:trojan-activity;sid:84653131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790027)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"neronpidaras.it.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790027/; classtype:trojan-activity;sid:84653127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790028)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"neronpidaras.it.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790028/; classtype:trojan-activity;sid:84653128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790029)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.neronpidaras.it.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790029/; classtype:trojan-activity;sid:84653129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790030)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"neronpidaras.it.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790030/; classtype:trojan-activity;sid:84653130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790025)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.neronpidaras.it.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790025/; classtype:trojan-activity;sid:84653125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790026)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"neronpidaras.it.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790026/; classtype:trojan-activity;sid:84653126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790017)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.neronpidaras.it.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790017/; classtype:trojan-activity;sid:84653117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790018)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"neronpidaras.it.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790018/; classtype:trojan-activity;sid:84653118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790019)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.neronpidaras.it.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790019/; classtype:trojan-activity;sid:84653119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790020)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.neronpidaras.it.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790020/; classtype:trojan-activity;sid:84653120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790021)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.neronpidaras.it.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790021/; classtype:trojan-activity;sid:84653121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790022)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"neronpidaras.it.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790022/; classtype:trojan-activity;sid:84653122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790023)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"neronpidaras.it.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790023/; classtype:trojan-activity;sid:84653123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790024)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"neronpidaras.it.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790024/; classtype:trojan-activity;sid:84653124; rev:1;)
# 2.56.10.144 is listed with the same /main_<arch> file names as the two host names above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790015)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.56.10.144"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790015/; classtype:trojan-activity;sid:84653115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790016)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.56.10.144"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790016/; classtype:trojan-activity;sid:84653116; rev:1;)
# "/verification.google" recurs on several *.in.net subdomains in this section. Each subdomain
# is pinned exactly, so a sibling subdomain will not match until the feed lists it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790014)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"nq7w5.magnesshabas.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790014/; classtype:trojan-activity;sid:84653114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790011)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.56.10.144"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790011/; classtype:trojan-activity;sid:84653111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790012)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"2.56.10.144"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790012/; classtype:trojan-activity;sid:84653112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790013)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.56.10.144"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790013/; classtype:trojan-activity;sid:84653113; rev:1;)
# "/i" and "/bin.sh" on IP-literal hosts: the paths are short and generic, so the exact Host
# pin carries all of the specificity in these rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.47.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790010/; classtype:trojan-activity;sid:84653110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.99.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790009/; classtype:trojan-activity;sid:84653109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.82.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790008/; classtype:trojan-activity;sid:84653108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.82.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790007/; classtype:trojan-activity;sid:84653107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.34.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790006/; classtype:trojan-activity;sid:84653106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790005)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"pasteur0-lab.alaspasteur.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790005/; classtype:trojan-activity;sid:84653105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.34.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790004/; classtype:trojan-activity;sid:84653104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790003)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"labculture.alaspasteur.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790003/; classtype:trojan-activity;sid:84653103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.161.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790002/; classtype:trojan-activity;sid:84653102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.47.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790001/; classtype:trojan-activity;sid:84653101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790000)"; flow:established,from_client; content:"GET"; http_method; content:"/a.php"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.59.113.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790000/; classtype:trojan-activity;sid:84653100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.14.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789999/; classtype:trojan-activity;sid:84653099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.47.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789998/; classtype:trojan-activity;sid:84653098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789997)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"w9m2kx.alaspasteur.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789997/; classtype:trojan-activity;sid:84653097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.213.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789996/; classtype:trojan-activity;sid:84653096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.152.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789994/; classtype:trojan-activity;sid:84653094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789995)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6962575668/1s3cmox.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"130.12.180.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789995/; classtype:trojan-activity;sid:84653095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.6.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789993/; classtype:trojan-activity;sid:84653093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.152.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789992/; classtype:trojan-activity;sid:84653092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.6.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789991/; classtype:trojan-activity;sid:84653091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.202.89.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789989/; classtype:trojan-activity;sid:84653089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.52.72.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789990/; classtype:trojan-activity;sid:84653090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.161.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789988/; classtype:trojan-activity;sid:84653088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789987)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"gl4ss-hollow.sheetglass.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789987/; classtype:trojan-activity;sid:84653087; rev:1;)
# 94.154.32.153: one file-name stem with per-architecture suffixes (.ppc, .spc, .mips, ...);
# the remaining suffixes for this host appear further down in this section.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789985)"; flow:established,from_client; content:"GET"; http_method; content:"/5r3fqt67ew531has4231.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"94.154.32.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789985/; classtype:trojan-activity;sid:84653085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789986)"; flow:established,from_client; content:"GET"; http_method; content:"/5r3fqt67ew531has4231.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"94.154.32.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789986/; classtype:trojan-activity;sid:84653086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789984)"; flow:established,from_client; content:"GET"; http_method; content:"/crewe/cjo/yte/msteams.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.metrosuitesbellavie.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789984/; classtype:trojan-activity;sid:84653084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789982)"; flow:established,from_client; content:"GET"; http_method; content:"/oldapk/all/zhuayoukong/btgame/2511.apk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"dla.zhuayoukong.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789982/; classtype:trojan-activity;sid:84653082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789983)"; flow:established,from_client; content:"GET"; http_method; content:"/tiktok18.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"tktkprivate-uz.sbs"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789983/; classtype:trojan-activity;sid:84653083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789981)"; flow:established,from_client; content:"GET"; http_method; content:"/navy.7z"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.161.251.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789981/; classtype:trojan-activity;sid:84653081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789979)"; flow:established,from_client; content:"GET"; http_method; content:"/5r3fqt67ew531has4231.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.154.32.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789979/; classtype:trojan-activity;sid:84653079; rev:1;)
# 79.110.49.146: the entries for this host (here and further down) are named like tooling and
# exploit scripts (chisel, *_exploit.py, cve-<id>.py). The rules match the file name only and
# say nothing about the content; a hit from an internal host is a reason to triage that host
# (what was downloaded, what ran afterwards), not just to close the alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789980)"; flow:established,from_client; content:"GET"; http_method; content:"/chisel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.110.49.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789980/; classtype:trojan-activity;sid:84653080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.6.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789967/; classtype:trojan-activity;sid:84653067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.0.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789968/; classtype:trojan-activity;sid:84653068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789969)"; flow:established,from_client; content:"GET"; http_method; content:"/us05zoom4jqph8/windows/download.php"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"doyu.digital"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789969/; classtype:trojan-activity;sid:84653069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789970)"; flow:established,from_client; content:"GET"; http_method; content:"/torinconstruction/mcasset3.svg"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"fruitsland.it"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789970/; classtype:trojan-activity;sid:84653070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789971)"; flow:established,from_client; content:"GET"; http_method; content:"/5r3fqt67ew531has4231.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"94.154.32.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789971/; classtype:trojan-activity;sid:84653071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789972)"; flow:established,from_client; content:"GET"; http_method; content:"/5r3fqt67ew531has4231.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.154.32.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789972/; classtype:trojan-activity;sid:84653072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789973)"; flow:established,from_client; content:"GET"; http_method; content:"/5r3fqt67ew531has4231.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.154.32.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789973/; classtype:trojan-activity;sid:84653073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789974)"; flow:established,from_client; content:"GET"; http_method; content:"/5r3fqt67ew531has4231.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.154.32.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789974/; classtype:trojan-activity;sid:84653074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789975)"; flow:established,from_client; content:"GET"; http_method; content:"/5r3fqt67ew531has4231.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.154.32.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789975/; classtype:trojan-activity;sid:84653075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789976)"; flow:established,from_client; content:"GET"; http_method; content:"/5r3fqt67ew531has4231.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"94.154.32.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789976/; classtype:trojan-activity;sid:84653076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789977)"; flow:established,from_client; content:"GET"; http_method; content:"/5r3fqt67ew531has4231.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"94.154.32.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789977/; classtype:trojan-activity;sid:84653077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789978)"; flow:established,from_client; content:"GET"; http_method; content:"/5r3fqt67ew531has4231.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.154.32.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789978/; classtype:trojan-activity;sid:84653078; rev:1;)
# NOTE(review): the vercel.app host below and the gofile.io host two rules further down are
# normally reached over HTTPS; these http rules presumably fire only where TLS is decrypted
# or the client used plain HTTP - confirm before counting them as coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789966)"; flow:established,from_client; content:"GET"; http_method; content:"/t4-form9886750012046681.vbs"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"paidinvoicefilesprojectnml.vercel.app"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789966/; classtype:trojan-activity;sid:84653066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789964)"; flow:established,from_client; content:"GET"; http_method; content:"/9242_exploit.py"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"79.110.49.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789964/; classtype:trojan-activity;sid:84653064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789965)"; flow:established,from_client; content:"GET"; http_method; content:"/download/direct/f8f88a3d-e4e4-4936-8ef0-2ab40c8223b8/zoom.setup.scr"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"store-na-phx-3.gofile.io"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789965/; classtype:trojan-activity;sid:84653065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789958)"; flow:established,from_client; content:"GET"; http_method; content:"/14733_exploit.py"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"79.110.49.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789958/; classtype:trojan-activity;sid:84653058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789959)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2026-24423.py"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"79.110.49.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789959/; classtype:trojan-activity;sid:84653059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789960)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2026-21902.py"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"79.110.49.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789960/; classtype:trojan-activity;sid:84653060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789961)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2025-40554.py"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"79.110.49.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789961/; classtype:trojan-activity;sid:84653061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789962)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2025-60021.py"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"79.110.49.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789962/; classtype:trojan-activity;sid:84653062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789963)"; flow:established,from_client; content:"GET"; http_method; content:"/sliver-client_linux"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"63.176.144.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789963/; classtype:trojan-activity;sid:84653063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789956)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2026-24061.py"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"79.110.49.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789956/; classtype:trojan-activity;sid:84653056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789957)"; flow:established,from_client; content:"GET"; http_method; content:"/9242_exploit1.py"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"79.110.49.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789957/; classtype:trojan-activity;sid:84653057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.254.185.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789955/; classtype:trojan-activity;sid:84653055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.52.72.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789954/; classtype:trojan-activity;sid:84653054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.14.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789953/; classtype:trojan-activity;sid:84653053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.28.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789952/; classtype:trojan-activity;sid:84653052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.161.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789951/; classtype:trojan-activity;sid:84653051; rev:1;)
# Each rule here alerts on an outbound GET from $HOME_NET whose URI and Host header match the
# listed strings. depth together with isdataat:!1,relative (no byte may follow the match) turns
# each content into an exact-string test when depth equals the content length. The rules use
# "alert http", so they see only HTTP the sensor can parse, not the same URL inside TLS.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.121.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789949/; classtype:trojan-activity;sid:84653049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.114.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789950/; classtype:trojan-activity;sid:84653050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.233.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789948/; classtype:trojan-activity;sid:84653048; rev:1;)
# NOTE(review): the URI content in the next rule decodes to 38 bytes (each |xx| is one byte),
# but depth is 53, which is the length of the string as written with its |xx| escapes. With
# depth larger than the content, the match may begin up to 15 bytes into the URI instead of at
# offset 0, so this rule is looser than its neighbours. The literal "26" between the |7c| bytes
# may be the remains of a percent-encoded "%26" - verify the path against the URLhaus entry
# before relying on this rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789947)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=ysiirxmwrwhoixnp"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"fgwfa66x.isconizloty.digital"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789947/; classtype:trojan-activity;sid:84653047; rev:1;)
# "/verification.google" is listed on several *.in.net subdomains; each host is pinned exactly,
# so a sibling subdomain is not covered until it gets its own rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789946)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"clearpane.sheetglass.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789946/; classtype:trojan-activity;sid:84653046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.251.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789945/; classtype:trojan-activity;sid:84653045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.91.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789944/; classtype:trojan-activity;sid:84653044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.107.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789943/; classtype:trojan-activity;sid:84653043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789942)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"t8qzr.sheetglass.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789942/; classtype:trojan-activity;sid:84653042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.114.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789941/; classtype:trojan-activity;sid:84653041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.96.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789940/; classtype:trojan-activity;sid:84653040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789939)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vityaz1-edge.bulgarvityaz.in.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789939/; classtype:trojan-activity;sid:84653039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.251.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789938/; classtype:trojan-activity;sid:84653038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789937)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; 
content:"ironknight.bulgarvityaz.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789937/; classtype:trojan-activity;sid:84653037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.126.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789936/; classtype:trojan-activity;sid:84653036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.96.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789935/; classtype:trojan-activity;sid:84653035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.70.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789934/; classtype:trojan-activity;sid:84653034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.161.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789933/; classtype:trojan-activity;sid:84653033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3789932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.75.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789932/; classtype:trojan-activity;sid:84653032; rev:1;)
# NOTE(review): `|7c|26|7c|` in the http_uri pattern of the next rule decodes to
# the literal bytes "|26|", not to "&" (0x26) — apparently a double escape of "&".
# If the listed URL contains "&&", this sid will not match it; verify against the
# URLhaus reference entry. depth:53 counts the escaped text (the decoded pattern
# is 38 bytes), so only the end of the URI is pinned, not offset 0.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789931)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=ipefvqgzcmljxxoz"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"k5ia90w1.beleananniver.digital"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789931/; classtype:trojan-activity;sid:84653031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.111.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789930/; classtype:trojan-activity;sid:84653030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789929)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"qz3x8v.bulgarvityaz.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789929/; classtype:trojan-activity;sid:84653029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.120.234"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789928/; classtype:trojan-activity;sid:84653028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.127.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789927/; classtype:trojan-activity;sid:84653027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789924)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.211.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789924/; classtype:trojan-activity;sid:84653024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789925)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.211.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789925/; classtype:trojan-activity;sid:84653025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789926)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.211.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789926/; classtype:trojan-activity;sid:84653026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789908)"; flow:established,from_client; 
content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"130.12.180.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789908/; classtype:trojan-activity;sid:84653008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789909)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.12.180.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789909/; classtype:trojan-activity;sid:84653009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789910)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.12.180.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789910/; classtype:trojan-activity;sid:84653010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789911)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"130.12.180.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789911/; classtype:trojan-activity;sid:84653011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789912)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.12.180.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789912/; 
classtype:trojan-activity;sid:84653012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789913)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"130.12.180.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789913/; classtype:trojan-activity;sid:84653013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789914)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.12.180.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789914/; classtype:trojan-activity;sid:84653014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789915)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.56.10.144"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789915/; classtype:trojan-activity;sid:84653015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789916)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.56.10.144"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789916/; classtype:trojan-activity;sid:84653016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789917)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; 
nocase; content:"2.56.10.144"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789917/; classtype:trojan-activity;sid:84653017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789918)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2.56.10.144"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789918/; classtype:trojan-activity;sid:84653018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789919)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2.56.10.144"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789919/; classtype:trojan-activity;sid:84653019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789920)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2.56.10.144"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789920/; classtype:trojan-activity;sid:84653020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789921)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.94.211.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789921/; classtype:trojan-activity;sid:84653021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3789922)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.94.211.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789922/; classtype:trojan-activity;sid:84653022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789923)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.211.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789923/; classtype:trojan-activity;sid:84653023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.161.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789907/; classtype:trojan-activity;sid:84653007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.126.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789906/; classtype:trojan-activity;sid:84653006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.75.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789905/; 
classtype:trojan-activity;sid:84653005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789904)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ecuad0r-mesh.ecuadoriangas.in.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789904/; classtype:trojan-activity;sid:84653004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.70.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789903/; classtype:trojan-activity;sid:84653003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.120.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789902/; classtype:trojan-activity;sid:84653002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789901)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6608710704/1r6sqrc.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"130.12.180.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789901/; classtype:trojan-activity;sid:84653001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; 
http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.45.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789900/; classtype:trojan-activity;sid:84653000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789899)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.132.53.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789899/; classtype:trojan-activity;sid:84652999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789892)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.132.53.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789892/; classtype:trojan-activity;sid:84652992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789893)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.132.53.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789893/; classtype:trojan-activity;sid:84652993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789894)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.132.53.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789894/; classtype:trojan-activity;sid:84652994; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789895)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.132.53.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789895/; classtype:trojan-activity;sid:84652995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789896)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.132.53.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789896/; classtype:trojan-activity;sid:84652996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789897)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.132.53.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789897/; classtype:trojan-activity;sid:84652997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789898)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.132.53.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789898/; classtype:trojan-activity;sid:84652998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789886)"; flow:established,from_client; content:"GET"; http_method; content:"/main_spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.121.84.11"; 
http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789886/; classtype:trojan-activity;sid:84652986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789887)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.84.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789887/; classtype:trojan-activity;sid:84652987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789888)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.132.53.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789888/; classtype:trojan-activity;sid:84652988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789889)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.132.53.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789889/; classtype:trojan-activity;sid:84652989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789890)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.132.53.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789890/; classtype:trojan-activity;sid:84652990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3789891)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.132.53.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789891/; classtype:trojan-activity;sid:84652991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.63.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789885/; classtype:trojan-activity;sid:84652985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.26.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789883/; classtype:trojan-activity;sid:84652983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.58.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789884/; classtype:trojan-activity;sid:84652984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789882)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"andesfuel.ecuadoriangas.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, 
urlhaus.abuse.ch/url/3789882/; classtype:trojan-activity;sid:84652982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.45.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789881/; classtype:trojan-activity;sid:84652981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.176.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789880/; classtype:trojan-activity;sid:84652980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.63.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789879/; classtype:trojan-activity;sid:84652979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.124.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789878/; classtype:trojan-activity;sid:84652978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"42.57.244.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789877/; classtype:trojan-activity;sid:84652977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789876)"; flow:established,from_client; content:"GET"; http_method; content:"/web/encrypt.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"shahamanatme.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789876/; classtype:trojan-activity;sid:84652976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789875)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20260304121125.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"activegroup-bd.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789875/; classtype:trojan-activity;sid:84652975; rev:1;)
# NOTE(review): the next two rules match Host "drive.google.com". That service is
# normally reached over HTTPS, so an `alert http` rule sees the request only where
# TLS is decrypted ahead of the sensor — read silence from these sids as "not
# visible", not as "not requested".
# The file id in the pattern is all lower case and matched with nocase; file ids
# of this form are presumably case-sensitive, so a different id that differs only
# in letter case would also match — confirm the original id in the URLhaus entry.
# `|7c|26|7c|` decodes to the literal bytes "|26|", not to "&" (0x26), which looks
# like a double escape; depth:68 counts the escaped text (decoded pattern: 59 bytes).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789874)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1-sttwmic9yrvk9lpbjtwck6rejrjl3_2"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789874/; classtype:trojan-activity;sid:84652974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789873)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1mvtjihhr_ctb-ibzfwyadaair2tjo5tq"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 
2026_03_05; reference:url, urlhaus.abuse.ch/url/3789873/; classtype:trojan-activity;sid:84652973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.200.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789872/; classtype:trojan-activity;sid:84652972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789871)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.155.69.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789871/; classtype:trojan-activity;sid:84652971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.26.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789870/; classtype:trojan-activity;sid:84652970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.127.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789869/; classtype:trojan-activity;sid:84652969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789868)"; flow:established,from_client; content:"GET"; http_method; 
content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"rabbit-net.rabbitfarm.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789868/; classtype:trojan-activity;sid:84652968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.205.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789867/; classtype:trojan-activity;sid:84652967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.238.189.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789866/; classtype:trojan-activity;sid:84652966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789865)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"farm03.rabbitfarm.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789865/; classtype:trojan-activity;sid:84652965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789864)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=uqxwpeswkfzqynmo"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"amrlb0h2.backorbit.digital"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_05; 
reference:url, urlhaus.abuse.ch/url/3789864/; classtype:trojan-activity;sid:84652964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.184.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789863/; classtype:trojan-activity;sid:84652963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789862)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7411337060/zcgm9ky.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"130.12.180.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789862/; classtype:trojan-activity;sid:84652962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.235.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789861/; classtype:trojan-activity;sid:84652961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.228.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789860/; classtype:trojan-activity;sid:84652960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789859)"; flow:established,from_client; content:"GET"; http_method; 
content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"rabbit-v1.rabbitfarm.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789859/; classtype:trojan-activity;sid:84652959; rev:1;)
# "/?=check..." rules (this one and sid 84652955 further down):
#  - |3f| decodes to "?" and each |7c|26|7c| decodes to the four bytes "|26|",
#    so the pattern actually searched for is
#    /?=check|26||26|actmn=<16 letters> (38 bytes).
#    NOTE(review): this looks like "&" (0x26) escaped twice; a URI carrying
#    "&&" in that position would not match as written. Confirm against the
#    referenced URLhaus entry.
#  - depth:53 is the length of the escaped text, not of the 38 decoded bytes,
#    so up to 15 bytes may precede the match; only the end of the URI is
#    pinned by isdataat:!1,relative.
#  - The Host pattern is one full hostname, label included; other labels under
#    the same parent domain are separate rules in this feed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789858)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=cwziwklbxetiewli"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"cjzsujzp.expresslabina.digital"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789858/; classtype:trojan-activity;sid:84652958; rev:1;)
# Bare-IP hosts with the two-byte URI "/i": here depth equals the pattern
# length, so together with isdataat:!1,relative the URI must be exactly "/i"
# and the Host header exactly the listed address (no port suffix).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.78.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789857/; classtype:trojan-activity;sid:84652957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.50.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789856/; classtype:trojan-activity;sid:84652956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789855)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=dfdpitryonqsppul"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"f2kpaub7.bullymarvel.digital"; http_host; depth:28; isdataat:!1,relative; 
metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789855/; classtype:trojan-activity;sid:84652955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.238.189.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789854/; classtype:trojan-activity;sid:84652954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.142.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789853/; classtype:trojan-activity;sid:84652953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789852)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"211.230.219.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789852/; classtype:trojan-activity;sid:84652952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.78.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789850/; classtype:trojan-activity;sid:84652950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789851)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.228.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789851/; classtype:trojan-activity;sid:84652951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.235.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789849/; classtype:trojan-activity;sid:84652949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789848)"; flow:established,from_client; content:"GET"; http_method; content:"/25/img_221038.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"96.44.159.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789848/; classtype:trojan-activity;sid:84652948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789846)"; flow:established,from_client; content:"GET"; http_method; content:"/1/axhtymsbrkiems935.css"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"89.185.84.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789846/; classtype:trojan-activity;sid:84652946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789847)"; flow:established,from_client; content:"GET"; http_method; content:"/1/brkiemshaeetwja612.bin"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"89.185.84.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789847/; 
classtype:trojan-activity;sid:84652947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789845)"; flow:established,from_client; content:"GET"; http_method; content:"/msi_204850.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"activegroup-bd.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789845/; classtype:trojan-activity;sid:84652945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789842)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20260304151711.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"activegroup-bd.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789842/; classtype:trojan-activity;sid:84652942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789843)"; flow:established,from_client; content:"GET"; http_method; content:"/img_143846.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"activegroup-bd.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789843/; classtype:trojan-activity;sid:84652943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789844)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20260304143946.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"activegroup-bd.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789844/; classtype:trojan-activity;sid:84652944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789841)"; flow:established,from_client; content:"GET"; 
http_method; content:"/ifit217122/encrypt.ps1"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"madcows.co.nz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789841/; classtype:trojan-activity;sid:84652941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789840)"; flow:established,from_client; content:"GET"; http_method; content:"/oikiokjh/oikiomr.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"fil.ydns.eu"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789840/; classtype:trojan-activity;sid:84652940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.86.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789839/; classtype:trojan-activity;sid:84652939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789838)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"farm-run.rabbitfarm.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789838/; classtype:trojan-activity;sid:84652938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789837)"; flow:established,from_client; content:"GET"; http_method; content:"/oriv1.7.2.0-venry-1upload.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"three.s3.cubbit.eu"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, 
urlhaus.abuse.ch/url/3789837/; classtype:trojan-activity;sid:84652937; rev:1;)
# Exact-match rule: URI must be "/bin.sh" and Host the listed address
# (depth equals pattern length, isdataat:!1,relative forbids trailing bytes).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.50.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789836/; classtype:trojan-activity;sid:84652935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789835)"; flow:established,from_client; content:"GET"; http_method; content:"/amb-raw-fileupload.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"three.s3.cubbit.eu"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789835/; classtype:trojan-activity;sid:84652935; rev:1;)
# drive.google.com rule:
#  - |3f| is "?"; |7c|26|7c| decodes to the four bytes "|26|", not "&".
#    NOTE(review): looks like "&" escaped twice; a request for
#    /uc?export=download&id=... would not match as written - confirm against
#    the referenced URLhaus entry.
#  - depth:68 is the escaped length; the decoded pattern is 59 bytes, leaving
#    9 bytes of slack before the match.
#  - NOTE(review): this host is normally reached over HTTPS, so the rule only
#    fires where TLS is decrypted ahead of the sensor - verify.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789832)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1a9cs0o6r-fdx3wc7p04bhkuh1t99jkp0"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789832/; classtype:trojan-activity;sid:84652932; rev:1;)
# NOTE(review): the URI pattern contains the literal text "%20", but http_uri
# is the normalized URI buffer; if the engine percent-decodes the request
# there, the buffer holds a space and this pattern (and its depth:30) will not
# match. http_raw_uri is the unnormalized buffer. Replay a sample request
# through the sensor before counting on this sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789833)"; flow:established,from_client; content:"GET"; http_method; content:"/raw-file-8383upload%20(3).txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"three.s3.cubbit.eu"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789833/; classtype:trojan-activity;sid:84652933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3789834)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1fk_ymz89hixumz-d3m3nyo6eioe_uf3c"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789834/; classtype:trojan-activity;sid:84652934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789831)"; flow:established,from_client; content:"GET"; http_method; content:"/6rfdc7.js"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789831/; classtype:trojan-activity;sid:84652931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.228.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789830/; classtype:trojan-activity;sid:84652930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789829)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"talk-sync.grimasdiscuss.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789829/; classtype:trojan-activity;sid:84652929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.130.207.72"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789828/; classtype:trojan-activity;sid:84652928; rev:1;)
# Paste-site rules (this one and the next): the Host pattern names a shared
# service, so the URI pattern is what identifies the specific paste.
# NOTE(review): if these hosts are only served over HTTPS, an "alert http"
# rule sees the request only where TLS is decrypted ahead of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789827)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rc2at8o9vg"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"textbin.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789827/; classtype:trojan-activity;sid:84652927; rev:1;)
# |3f| decodes to the single byte "?", so the decoded URI pattern is 27 bytes
# while depth:30 counts the escaped text; the match may therefore start up to
# 3 bytes into the URI, and only its end is pinned by isdataat:!1,relative.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789826)"; flow:established,from_client; content:"GET"; http_method; content:"/xpmqlsbt/raw|3f|part=hold.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"pastefy.app"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789826/; classtype:trojan-activity;sid:84652926; rev:1;)
# Exact-match rule: URI "/i" on a bare-IP Host (depth equals pattern length).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.65.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789825/; classtype:trojan-activity;sid:84652925; rev:1;)
# One of several "/verification.google" rules in this feed that differ only in
# the hostname label; each sid covers exactly one full hostname.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789823)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"grim06.grimasdiscuss.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789823/; classtype:trojan-activity;sid:84652923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3789824)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/nnlwewcu"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"yaso.su"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789824/; classtype:trojan-activity;sid:84652924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789822)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=clozepabvhbbqeom"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"gb31welb.bullymarvel.digital"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789822/; classtype:trojan-activity;sid:84652922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.50.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789821/; classtype:trojan-activity;sid:84652921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.238.21.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789820/; classtype:trojan-activity;sid:84652920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789819)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"disc-v9.grimasdiscuss.in.net"; http_host; depth:28; 
isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789819/; classtype:trojan-activity;sid:84652919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789818)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"grim-vault.grimasdiscuss.in.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789818/; classtype:trojan-activity;sid:84652918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.142.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789817/; classtype:trojan-activity;sid:84652917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789816)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/avqb61tvox/document.pdf"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"filebulldogs.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789816/; classtype:trojan-activity;sid:84652916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.65.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789815/; classtype:trojan-activity;sid:84652915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3789814)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"down-path.falldown.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789814/; classtype:trojan-activity;sid:84652914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789810)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.12.180.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789810/; classtype:trojan-activity;sid:84652910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789811)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kla.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"130.12.180.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789811/; classtype:trojan-activity;sid:84652911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789812)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.12.180.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789812/; classtype:trojan-activity;sid:84652912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789813)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/w.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.12.180.69"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789813/; classtype:trojan-activity;sid:84652913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789808)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"130.12.180.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789808/; classtype:trojan-activity;sid:84652908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789809)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"130.12.180.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789809/; classtype:trojan-activity;sid:84652909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.81.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789806/; classtype:trojan-activity;sid:84652906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.90.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789807/; classtype:trojan-activity;sid:84652907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789805)"; flow:established,from_client; content:"GET"; 
http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.50.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789805/; classtype:trojan-activity;sid:84652905; rev:1;)
# Exact-match rules: URI "/i" on a bare-IP Host. depth equals the pattern
# length and isdataat:!1,relative forbids trailing bytes, so a Host header
# carrying a port suffix would not match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.249.209.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789804/; classtype:trojan-activity;sid:84652904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.56.180.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789803/; classtype:trojan-activity;sid:84652903; rev:1;)
# Installer download tied to one hostname: the Host pattern restricts this sid
# to server.ayeeman.top, so the same installer path on any other server is not
# covered here.
#  - |3f| is "?"; |7c|26|7c| decodes to the four bytes "|26|", not "&".
#    NOTE(review): looks like "&" escaped twice; a request with
#    ?e=access&y=guest would not match as written - confirm against the
#    referenced URLhaus entry.
#  - depth:63 is the escaped length; the decoded pattern is 54 bytes, leaving
#    9 bytes of slack before the match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"server.ayeeman.top"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789802/; classtype:trojan-activity;sid:84652902; rev:1;)
# Same "/?=check" shape as elsewhere in this feed: each |7c|26|7c| is the
# literal bytes "|26|" (NOTE(review): probably a doubly escaped "&"), and
# depth:53 counts escaped text rather than the 38 decoded bytes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789801)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=zbchagarxagxczwc"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bre93qhl.bullymarvel.digital"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 
2026_03_05; reference:url, urlhaus.abuse.ch/url/3789801/; classtype:trojan-activity;sid:84652901; rev:1;)
# Reading these entries: every rule alerts on an established, client-to-server HTTP GET going
# from $HOME_NET to $EXTERNAL_NET, so a hit means an internal host requested a URL that URLhaus
# lists as a malware download location.
# Both content matches are exact: depth equals the length of the content string and
# isdataat:!1,relative requires that no byte follows it, so the same host with a different path
# (or an added query string) does not fire. nocase sits with the http_uri match, so the path
# comparison is case-insensitive.
# The number in msg and in the reference URL is the URLhaus entry ID to consult when triaging a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789800)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"fall05.falldown.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789800/; classtype:trojan-activity;sid:84652900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789799)"; flow:established,from_client; content:"GET"; http_method; content:"/74896"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.242.3.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789799/; classtype:trojan-activity;sid:84652899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789798)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"down-v8.falldown.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789798/; classtype:trojan-activity;sid:84652898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.8.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789797/; classtype:trojan-activity;sid:84652897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789796)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"fall-node.falldown.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789796/; classtype:trojan-activity;sid:84652896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.95.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789795/; classtype:trojan-activity;sid:84652895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.227.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789794/; classtype:trojan-activity;sid:84652894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.90.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789793/; classtype:trojan-activity;sid:84652893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.81.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789792/; classtype:trojan-activity;sid:84652892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.79.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789791/; classtype:trojan-activity;sid:84652891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.127.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789790/; classtype:trojan-activity;sid:84652890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.79.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789788/; classtype:trojan-activity;sid:84652888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.184.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789789/; classtype:trojan-activity;sid:84652889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.203.183.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789787/; classtype:trojan-activity;sid:84652887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.42.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789786/; classtype:trojan-activity;sid:84652886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789782)"; flow:established,from_client; content:"GET"; http_method; content:"/sakura.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"151.243.109.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789782/; classtype:trojan-activity;sid:84652882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.62.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789783/; classtype:trojan-activity;sid:84652883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.166.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789784/; classtype:trojan-activity;sid:84652884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.166.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789785/; classtype:trojan-activity;sid:84652885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.111.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789781/; classtype:trojan-activity;sid:84652881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789780)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.203.81.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789780/; classtype:trojan-activity;sid:84652880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789772)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.251.21.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789772/; classtype:trojan-activity;sid:84652872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789773)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.15.136.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789773/; classtype:trojan-activity;sid:84652873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.243.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789774/; classtype:trojan-activity;sid:84652874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.254.185.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789775/; classtype:trojan-activity;sid:84652875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789776)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.84.87.230"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789776/; classtype:trojan-activity;sid:84652876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.243.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789777/; classtype:trojan-activity;sid:84652877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789778)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"101.59.79.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789778/; classtype:trojan-activity;sid:84652878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.254.185.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789779/; classtype:trojan-activity;sid:84652879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789765)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"50.100.63.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789765/; classtype:trojan-activity;sid:84652865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789766)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"69.159.155.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789766/; classtype:trojan-activity;sid:84652866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.182.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789767/; classtype:trojan-activity;sid:84652867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.27.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789768/; classtype:trojan-activity;sid:84652868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789769)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.12.124.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789769/; classtype:trojan-activity;sid:84652869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.182.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789770/; classtype:trojan-activity;sid:84652870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.96.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789771/; classtype:trojan-activity;sid:84652871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789762)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.234.99.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789762/; classtype:trojan-activity;sid:84652862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.28.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789763/; classtype:trojan-activity;sid:84652863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789764)"; flow:established,from_client; content:"GET"; http_method; content:"/sakura.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.170.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789764/; classtype:trojan-activity;sid:84652864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.8.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789761/; classtype:trojan-activity;sid:84652861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789760/; classtype:trojan-activity;sid:84652860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.32.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789759/; classtype:trojan-activity;sid:84652859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.95.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789758/; classtype:trojan-activity;sid:84652858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789755)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6608710704/lny9plo.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"130.12.180.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789755/; classtype:trojan-activity;sid:84652855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789756)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8733674968/kkh6773.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"130.12.180.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789756/; classtype:trojan-activity;sid:84652856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789757)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8566018414/tn7p2pq.ps1"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"130.12.180.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789757/; classtype:trojan-activity;sid:84652857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789754/; classtype:trojan-activity;sid:84652854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.140.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789753/; classtype:trojan-activity;sid:84652853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.140.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789752/; classtype:trojan-activity;sid:84652852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.23.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789751/; classtype:trojan-activity;sid:84652851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.31.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789750/; classtype:trojan-activity;sid:84652850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.214.56.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789749/; classtype:trojan-activity;sid:84652849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.23.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789748/; classtype:trojan-activity;sid:84652848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.32.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789747/; classtype:trojan-activity;sid:84652847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.233.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789746/; classtype:trojan-activity;sid:84652846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.31.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789745/; classtype:trojan-activity;sid:84652845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789744)"; flow:established,from_client; content:"GET"; http_method; content:"/a.php"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"1poz.my"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789744/; classtype:trojan-activity;sid:84652844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.192.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789743/; classtype:trojan-activity;sid:84652843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.233.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789742/; classtype:trojan-activity;sid:84652842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789741)"; flow:established,from_client; content:"GET"; http_method; content:"/all.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.77.246.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789741/; classtype:trojan-activity;sid:84652841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789740)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/avqb61tvox/a.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"filebulldogs.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789740/; classtype:trojan-activity;sid:84652840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789739)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/avqb61tvox/f.js"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"filebulldogs.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789739/; classtype:trojan-activity;sid:84652839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.206.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789738/; classtype:trojan-activity;sid:84652838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"108.168.0.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789737/; classtype:trojan-activity;sid:84652837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.18.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789736/; classtype:trojan-activity;sid:84652836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.249.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789735/; classtype:trojan-activity;sid:84652835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.62.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789734/; classtype:trojan-activity;sid:84652834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.206.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789733/; classtype:trojan-activity;sid:84652833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789732/; classtype:trojan-activity;sid:84652832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.144.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789731/; classtype:trojan-activity;sid:84652831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.169.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789730/; classtype:trojan-activity;sid:84652830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.249.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789729/; classtype:trojan-activity;sid:84652829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.62.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789728/; classtype:trojan-activity;sid:84652828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.18.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789727/; classtype:trojan-activity;sid:84652827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.169.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789726/; classtype:trojan-activity;sid:84652826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.227.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789725/; classtype:trojan-activity;sid:84652825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.54.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789724/; classtype:trojan-activity;sid:84652824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.102.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789723/; classtype:trojan-activity;sid:84652823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.195.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789722/; classtype:trojan-activity;sid:84652822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789721)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tryinggim.vbs"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"crixup.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789721/; classtype:trojan-activity;sid:84652821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.52.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789720/; classtype:trojan-activity;sid:84652820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.54.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789719/; classtype:trojan-activity;sid:84652819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789713)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"130.12.180.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789713/; classtype:trojan-activity;sid:84652813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789714)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.12.180.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789714/; classtype:trojan-activity;sid:84652814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789715)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.12.180.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789715/; classtype:trojan-activity;sid:84652815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789716)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"130.12.180.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789716/; classtype:trojan-activity;sid:84652816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789717)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"130.12.180.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789717/; classtype:trojan-activity;sid:84652817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789718)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"130.12.180.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789718/; classtype:trojan-activity;sid:84652818; rev:1;)
# Rule template used by every entry below: alert on an outbound HTTP GET
# ($HOME_NET -> $EXTERNAL_NET, flow:established,from_client) whose URI and Host
# both equal one URLhaus entry.
#  - Each content is followed by depth:<length of the string> and
#    isdataat:!1,relative, so the buffer must equal the string exactly; a
#    request with a query string or a different path does not match.
#  - nocase follows the http_uri content, so the path compare is
#    case-insensitive.
#  - Paths such as "/i" and "/bin.sh" recur across many hosts; the http_host
#    match is what ties each rule to a single destination.
#  - The number in msg and in the reference URL is the URLhaus entry id;
#    metadata:created_at is the date recorded for the entry. Check the entry
#    before acting on an alert, since hosts listed here may since have been
#    cleaned or reassigned.
#  - These are "alert http" rules: they only see traffic parsed as HTTP, so the
#    same download over TLS is not covered unless it is decrypted upstream.
# NOTE(review): in this copy the last rule on the line continues on the next
# physical line. If that wrapping is present in the file that is actually
# loaded (and is not just a display artefact), the split rule will fail to
# parse -- confirm the deployed file has one rule per line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789712)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.141.58.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789712/; classtype:trojan-activity;sid:84652812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.130.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789711/; classtype:trojan-activity;sid:84652811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.81.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789710/; classtype:trojan-activity;sid:84652810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.130.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789709/; classtype:trojan-activity;sid:84652809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.45.157"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789708/; classtype:trojan-activity;sid:84652808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.81.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789707/; classtype:trojan-activity;sid:84652807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.152.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789706/; classtype:trojan-activity;sid:84652806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.76.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789705/; classtype:trojan-activity;sid:84652805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.163.68.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789704/; classtype:trojan-activity;sid:84652804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789703)"; flow:established,from_client; 
content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.146.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789703/; classtype:trojan-activity;sid:84652803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.45.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789702/; classtype:trojan-activity;sid:84652802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.182.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789701/; classtype:trojan-activity;sid:84652801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.102.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789700/; classtype:trojan-activity;sid:84652800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.202.89.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789698/; classtype:trojan-activity;sid:84652798; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.61.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789699/; classtype:trojan-activity;sid:84652799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.163.68.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789697/; classtype:trojan-activity;sid:84652797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.244.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789696/; classtype:trojan-activity;sid:84652796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.66.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789695/; classtype:trojan-activity;sid:84652795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.66.116"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789694/; classtype:trojan-activity;sid:84652794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.244.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789693/; classtype:trojan-activity;sid:84652793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.245.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789692/; classtype:trojan-activity;sid:84652792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.18.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789691/; classtype:trojan-activity;sid:84652791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.245.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789690/; classtype:trojan-activity;sid:84652790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789689)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.182.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789689/; classtype:trojan-activity;sid:84652789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.18.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789688/; classtype:trojan-activity;sid:84652788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.51.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789687/; classtype:trojan-activity;sid:84652787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.105.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789686/; classtype:trojan-activity;sid:84652786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.29.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789685/; classtype:trojan-activity;sid:84652785; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.214.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789684/; classtype:trojan-activity;sid:84652784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.252.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789683/; classtype:trojan-activity;sid:84652783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.102.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789682/; classtype:trojan-activity;sid:84652782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.223.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789681/; classtype:trojan-activity;sid:84652781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.223.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; 
reference:url, urlhaus.abuse.ch/url/3789680/; classtype:trojan-activity;sid:84652780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.55.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789678/; classtype:trojan-activity;sid:84652778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.29.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789679/; classtype:trojan-activity;sid:84652779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.105.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789677/; classtype:trojan-activity;sid:84652777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.42.88.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789676/; classtype:trojan-activity;sid:84652776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"124.230.229.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789675/; classtype:trojan-activity;sid:84652775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.215.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789674/; classtype:trojan-activity;sid:84652774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.42.88.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789673/; classtype:trojan-activity;sid:84652773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.112.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789672/; classtype:trojan-activity;sid:84652772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.230.229.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789671/; classtype:trojan-activity;sid:84652771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3789670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.99.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789670/; classtype:trojan-activity;sid:84652770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.215.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789669/; classtype:trojan-activity;sid:84652769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.109.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789668/; classtype:trojan-activity;sid:84652768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.238.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789667/; classtype:trojan-activity;sid:84652767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.91.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, 
urlhaus.abuse.ch/url/3789666/; classtype:trojan-activity;sid:84652766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.252.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789665/; classtype:trojan-activity;sid:84652765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.101.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789664/; classtype:trojan-activity;sid:84652764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.252.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789663/; classtype:trojan-activity;sid:84652763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.124.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789662/; classtype:trojan-activity;sid:84652762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"110.37.101.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789661/; classtype:trojan-activity;sid:84652761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.246.114.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789660/; classtype:trojan-activity;sid:84652760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.145.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789659/; classtype:trojan-activity;sid:84652759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.124.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789658/; classtype:trojan-activity;sid:84652758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.183.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789657/; classtype:trojan-activity;sid:84652757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3789656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.145.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789656/; classtype:trojan-activity;sid:84652756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.183.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789655/; classtype:trojan-activity;sid:84652755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.76.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789654/; classtype:trojan-activity;sid:84652754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.47.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789653/; classtype:trojan-activity;sid:84652753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.145.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, 
urlhaus.abuse.ch/url/3789652/; classtype:trojan-activity;sid:84652752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.10.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789651/; classtype:trojan-activity;sid:84652751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.241.136.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789650/; classtype:trojan-activity;sid:84652750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.1.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789649/; classtype:trojan-activity;sid:84652749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789648)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"atroph-hub.atrophlearn.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789648/; classtype:trojan-activity;sid:84652748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; 
depth:7; isdataat:!1,relative; nocase; content:"222.137.145.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789647/; classtype:trojan-activity;sid:84652747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.47.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789646/; classtype:trojan-activity;sid:84652746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789645)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"out-flow.platypusout.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789645/; classtype:trojan-activity;sid:84652745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.155.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789644/; classtype:trojan-activity;sid:84652744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.63.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789643/; classtype:trojan-activity;sid:84652743; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789642)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"plat04.platypusout.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789642/; classtype:trojan-activity;sid:84652742; rev:1;)
# How to read the rules in this block: each one fires on an outbound HTTP GET
# ($HOME_NET -> $EXTERNAL_NET) and pairs one URI with one Host value.
# `depth:N` equals the length of the content before it and `isdataat:!1,relative`
# requires that no byte follows the match, so both buffers are compared as whole
# strings; `nocase` follows the URI content, so it applies to the URI comparison.
# A request to the same host with anything appended to the listed URI is not
# covered by that rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.10.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789641/; classtype:trojan-activity;sid:84652741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.255.29.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789640/; classtype:trojan-activity;sid:84652740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789639)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"out-v5.platypusout.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789639/; classtype:trojan-activity;sid:84652739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.88.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789638/; classtype:trojan-activity;sid:84652738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.63.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789637/; classtype:trojan-activity;sid:84652737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789636)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"plat-gate.platypusout.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789636/; classtype:trojan-activity;sid:84652736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.224.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789635/; classtype:trojan-activity;sid:84652735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.235.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789634/; classtype:trojan-activity;sid:84652734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.195.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789633/; classtype:trojan-activity;sid:84652733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789632)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"phys-sync.dysenteryphysics.in.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789632/; classtype:trojan-activity;sid:84652732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.1.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789631/; classtype:trojan-activity;sid:84652731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.73.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789630/; classtype:trojan-activity;sid:84652730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.255.29.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789629/; classtype:trojan-activity;sid:84652729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.163.91.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789628/; classtype:trojan-activity;sid:84652728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789627)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"physics09.dysenteryphysics.in.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789627/; classtype:trojan-activity;sid:84652727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789626)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.16.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789626/; classtype:trojan-activity;sid:84652726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789625)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dys-v4.dysenteryphysics.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789625/; classtype:trojan-activity;sid:84652725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789624)"; flow:established,from_client; content:"GET";
http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.230.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789624/; classtype:trojan-activity;sid:84652724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.100.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789623/; classtype:trojan-activity;sid:84652723; rev:1;)
# The next twelve rules share the Host 45.141.58.44 and the path prefix
# /hiddenbin/boatnet. ; only the suffix differs (m68k, mpsl, arm6, i686, mips,
# spc, arc, sh4, arm5, arm, x86, x86_64). Each suffix has its own sid, so one
# internal host can raise several different sids for what is likely a single
# event; group these alerts by source and destination host during triage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789620)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.141.58.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789620/; classtype:trojan-activity;sid:84652720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789621)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.141.58.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789621/; classtype:trojan-activity;sid:84652721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789622)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.141.58.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789622/; classtype:trojan-activity;sid:84652722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789611)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.141.58.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789611/; classtype:trojan-activity;sid:84652711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789612)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.141.58.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789612/; classtype:trojan-activity;sid:84652712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789613)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.141.58.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789613/; classtype:trojan-activity;sid:84652713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789614)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.141.58.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789614/; classtype:trojan-activity;sid:84652714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789615)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.141.58.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789615/; classtype:trojan-activity;sid:84652715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789616)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.141.58.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789616/; classtype:trojan-activity;sid:84652716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789617)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.141.58.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789617/; classtype:trojan-activity;sid:84652717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789618)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.141.58.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789618/; classtype:trojan-activity;sid:84652718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789619)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"45.141.58.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789619/; classtype:trojan-activity;sid:84652719; rev:1;)
# Every rule in this block inspects request-side fields only
# (`flow:established,from_client` with http_method / http_uri / http_host), so an
# alert shows that the request was sent, not that content was returned. Check
# the HTTP response or file-transaction logs for the same flow before concluding
# that the internal host received a payload.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789610)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"phys-unit.dysenteryphysics.in.net"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789610/; classtype:trojan-activity;sid:84652710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.100.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789609/; classtype:trojan-activity;sid:84652709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.230.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789608/; classtype:trojan-activity;sid:84652708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789607)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"past01.pastorsorny.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789607/; classtype:trojan-activity;sid:84652707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789606)"; flow:established,from_client;
content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sorny-v3.pastorsorny.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789606/; classtype:trojan-activity;sid:84652706; rev:1;)
# These are `alert http` rules: they match only traffic the sensor decodes as
# HTTP. A fetch of the same URL over TLS is not inspected by them unless the
# traffic is decrypted before it reaches the sensor, so hostname-based entries
# are worth pairing with DNS or TLS SNI visibility.
# In every rule of this block sid = URLhaus id + 80863100, and the `reference`
# URL carries the same URLhaus id, so an alert can be traced back to its entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.190.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789605/; classtype:trojan-activity;sid:84652705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789604/; classtype:trojan-activity;sid:84652704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789603)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"past-core.pastorsorny.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789603/; classtype:trojan-activity;sid:84652703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.1.187"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789602/; classtype:trojan-activity;sid:84652702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789601)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"long-run.longtime.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789601/; classtype:trojan-activity;sid:84652701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.66.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789600/; classtype:trojan-activity;sid:84652700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.107.93.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789599/; classtype:trojan-activity;sid:84652699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789597)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"chrono07.longtime.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789597/; classtype:trojan-activity;sid:84652697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789598)"; flow:established,from_client; content:"GET"; http_method; content:"/openclaw"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"openclaw.official-version.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789598/; classtype:trojan-activity;sid:84652698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789596)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"time-v2.longtime.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789596/; classtype:trojan-activity;sid:84652696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.13.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789595/; classtype:trojan-activity;sid:84652695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789594)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"long-site.longtime.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789594/; classtype:trojan-activity;sid:84652694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.187.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789593/; classtype:trojan-activity;sid:84652693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789592)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sync-base.multilsacred.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789592/; classtype:trojan-activity;sid:84652692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.13.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789591/; classtype:trojan-activity;sid:84652691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789590)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.217.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789590/; classtype:trojan-activity;sid:84652690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789589)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"multi03.multilsacred.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789589/; classtype:trojan-activity;sid:84652689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative;
nocase; content:"219.154.187.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789588/; classtype:trojan-activity;sid:84652688; rev:1;)
# Several hosts in this block are listed twice, once with /i and once with
# /bin.sh (110.37.108.107, 110.36.80.166, 221.203.237.218), and the
# /verification.google rules enumerate individual subdomains of the same parent
# domains (multilsacred.in.net, wolfhaven.in.net, starhaven.in.net).
# The Host value is compared as a whole string, so a sibling subdomain that is
# not listed here raises no alert; correlate by destination IP or parent domain
# when triaging a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.108.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789587/; classtype:trojan-activity;sid:84652687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789586)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sacred-v1.multilsacred.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789586/; classtype:trojan-activity;sid:84652686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789585)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"multi-node.multilsacred.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789585/; classtype:trojan-activity;sid:84652685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.80.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789584/; classtype:trojan-activity;sid:84652684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.108.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789583/; classtype:trojan-activity;sid:84652683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.217.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789582/; classtype:trojan-activity;sid:84652682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789581)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"wolf01.wolfhaven.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789581/; classtype:trojan-activity;sid:84652681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789580)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"wild-sync.wolfhaven.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789580/; classtype:trojan-activity;sid:84652680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789579)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"haven-v9.wolfhaven.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789579/; classtype:trojan-activity;sid:84652679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.203.237.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789578/; classtype:trojan-activity;sid:84652678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.80.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789577/; classtype:trojan-activity;sid:84652677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789576)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"wolf-run.wolfhaven.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789576/; classtype:trojan-activity;sid:84652676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.203.237.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789575/; classtype:trojan-activity;sid:84652675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789574)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"star06.starhaven.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789574/; classtype:trojan-activity;sid:84652674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.88.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789573/; classtype:trojan-activity;sid:84652673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789572)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"astro-net.starhaven.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789572/; classtype:trojan-activity;sid:84652672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.5.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789571/; classtype:trojan-activity;sid:84652671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789570)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"haven-v8.starhaven.in.net";
http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789570/; classtype:trojan-activity;sid:84652670; rev:1;)
# Every rule in this block carries `metadata:created_at 2026_03_04` and `rev:1`
# and has no expiry field. Many Host values are bare IPv4 addresses, which can
# change hands over time; before acting on a hit from an older entry, open the
# `reference` URL and confirm the entry is still current.
# NOTE(review): none of these rules has a threshold keyword, so a client that
# retries the same request produces one alert per request - presumably rate
# limiting is left to the sensor configuration; confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789569)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"star-gate.starhaven.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789569/; classtype:trojan-activity;sid:84652669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789568)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iron08.ironhaven.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789568/; classtype:trojan-activity;sid:84652668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.231.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789567/; classtype:trojan-activity;sid:84652667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.70.13.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789566/; classtype:trojan-activity;sid:84652666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789565)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"metal-sync.ironhaven.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789565/; classtype:trojan-activity;sid:84652665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.52.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789564/; classtype:trojan-activity;sid:84652664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789563)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"haven-v7.ironhaven.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789563/; classtype:trojan-activity;sid:84652663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.60.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789561/; classtype:trojan-activity;sid:84652661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.147.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789562/; classtype:trojan-activity;sid:84652662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789560)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iron-vault.ironhaven.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789560/; classtype:trojan-activity;sid:84652660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789559/; classtype:trojan-activity;sid:84652659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.231.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789558/; classtype:trojan-activity;sid:84652658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789557)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"oak05.oakshaven.in.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789557/; classtype:trojan-activity;sid:84652657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.60.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789556/; classtype:trojan-activity;sid:84652656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789555)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"wood-net.oakshaven.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789555/; classtype:trojan-activity;sid:84652655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.70.13.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789554/; classtype:trojan-activity;sid:84652654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789553)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"haven-v6.oakshaven.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789553/; classtype:trojan-activity;sid:84652653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.147.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789552/; classtype:trojan-activity;sid:84652652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.100.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789551/; classtype:trojan-activity;sid:84652651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789550)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"oak-path.oakshaven.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789550/; classtype:trojan-activity;sid:84652650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789549)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"lake09.lakehaven.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789549/; classtype:trojan-activity;sid:84652649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.201.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789548/; classtype:trojan-activity;sid:84652648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789547)"; flow:established,from_client; content:"GET";
http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"aqua-sync.lakehaven.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789547/; classtype:trojan-activity;sid:84652647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.251.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789546/; classtype:trojan-activity;sid:84652646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789545)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"haven-v5.lakehaven.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789545/; classtype:trojan-activity;sid:84652645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.100.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789544/; classtype:trojan-activity;sid:84652644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789543)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"lake-site.lakehaven.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, 
urlhaus.abuse.ch/url/3789543/; classtype:trojan-activity;sid:84652643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789542)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"wind02.windhaven.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789542/; classtype:trojan-activity;sid:84652642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789541)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"air-flow.windhaven.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789541/; classtype:trojan-activity;sid:84652641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.180.172.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789540/; classtype:trojan-activity;sid:84652640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.201.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789539/; classtype:trojan-activity;sid:84652639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789538)"; flow:established,from_client; content:"GET"; 
http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.226.172.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789538/; classtype:trojan-activity;sid:84652638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789537)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"haven-v4.windhaven.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789537/; classtype:trojan-activity;sid:84652637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.48.157.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789536/; classtype:trojan-activity;sid:84652636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789535)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"wind-unit.windhaven.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789535/; classtype:trojan-activity;sid:84652635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789534)"; flow:established,from_client; content:"GET"; http_method; content:"/img/optimized_msi.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"192.3.176.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789534/; 
classtype:trojan-activity;sid:84652634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789533)"; flow:established,from_client; content:"GET"; http_method; content:"/img_163302.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"angelbridtechnologyltd.kesug.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789533/; classtype:trojan-activity;sid:84652633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789532)"; flow:established,from_client; content:"GET"; http_method; content:"/img_064700.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"goldenangel.wuaze.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789532/; classtype:trojan-activity;sid:84652632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.48.157.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789531/; classtype:trojan-activity;sid:84652631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.180.172.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789530/; classtype:trojan-activity;sid:84652630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789529)"; flow:established,from_client; content:"GET"; http_method; 
content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"stone04.stonehaven.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789529/; classtype:trojan-activity;sid:84652629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.91.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789528/; classtype:trojan-activity;sid:84652628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.226.172.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789527/; classtype:trojan-activity;sid:84652627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789526)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"rock-net.stonehaven.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789526/; classtype:trojan-activity;sid:84652626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789525)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"haven-v3.stonehaven.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, 
urlhaus.abuse.ch/url/3789525/; classtype:trojan-activity;sid:84652625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.175.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789524/; classtype:trojan-activity;sid:84652624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789523)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"stone-base.stonehaven.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789523/; classtype:trojan-activity;sid:84652623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789522)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dark01.darkhaven.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789522/; classtype:trojan-activity;sid:84652622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.130.207.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789521/; classtype:trojan-activity;sid:84652621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789520)"; flow:established,from_client; content:"GET"; 
http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"void-sync.darkhaven.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789520/; classtype:trojan-activity;sid:84652620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789519)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"haven-x.darkhaven.in.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789519/; classtype:trojan-activity;sid:84652619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789518)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dark-core.darkhaven.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789518/; classtype:trojan-activity;sid:84652618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.71.49.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789517/; classtype:trojan-activity;sid:84652617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.206.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, 
urlhaus.abuse.ch/url/3789516/; classtype:trojan-activity;sid:84652616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.213.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789515/; classtype:trojan-activity;sid:84652615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.69.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789514/; classtype:trojan-activity;sid:84652614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789513)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"gold07.goldhaven.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789513/; classtype:trojan-activity;sid:84652613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.166.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789512/; classtype:trojan-activity;sid:84652612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; 
depth:2; isdataat:!1,relative; nocase; content:"59.97.183.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789511/; classtype:trojan-activity;sid:84652611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.71.49.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789510/; classtype:trojan-activity;sid:84652610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789509)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"aurum-net.goldhaven.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789509/; classtype:trojan-activity;sid:84652609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.100.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789508/; classtype:trojan-activity;sid:84652608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789507)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"haven-v2.goldhaven.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789507/; classtype:trojan-activity;sid:84652607; rev:1;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.69.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789506/; classtype:trojan-activity;sid:84652606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789505)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"gold-hub.goldhaven.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789505/; classtype:trojan-activity;sid:84652605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789504)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789504/; classtype:trojan-activity;sid:84652604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789503)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"blue03.bluehaven.in.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789503/; classtype:trojan-activity;sid:84652603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"42.227.247.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789502/; classtype:trojan-activity;sid:84652602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789501)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sky-sync.bluehaven.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789501/; classtype:trojan-activity;sid:84652601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.20.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789500/; classtype:trojan-activity;sid:84652600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789499)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"haven-v1.bluehaven.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789499/; classtype:trojan-activity;sid:84652599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789498)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.91.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789498/; classtype:trojan-activity;sid:84652598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3789497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.62.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789497/; classtype:trojan-activity;sid:84652597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.177.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789496/; classtype:trojan-activity;sid:84652596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789495)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"blue-node.bluehaven.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789495/; classtype:trojan-activity;sid:84652595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.176.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789494/; classtype:trojan-activity;sid:84652594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"74.214.56.173"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789493/; classtype:trojan-activity;sid:84652593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.152.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789492/; classtype:trojan-activity;sid:84652592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.247.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789491/; classtype:trojan-activity;sid:84652591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.34.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789490/; classtype:trojan-activity;sid:84652590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.176.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789489/; classtype:trojan-activity;sid:84652589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789488)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.34.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789488/; classtype:trojan-activity;sid:84652588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.152.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789487/; classtype:trojan-activity;sid:84652587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.39.19.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789486/; classtype:trojan-activity;sid:84652586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.107.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789485/; classtype:trojan-activity;sid:84652585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789484)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=fzidzqfskzzjbfrx"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"8a2yizw9.earedteach.digital"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789484/; 
classtype:trojan-activity;sid:84652584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789483)"; flow:established,from_client; content:"GET"; http_method; content:"/sun_oray_x64.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"oraypc.com.cn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789483/; classtype:trojan-activity;sid:84652583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789482)"; flow:established,from_client; content:"GET"; http_method; content:"/awesun_16.0.0.22931_x64_patched.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"orayz.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789482/; classtype:trojan-activity;sid:84652582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789481)"; flow:established,from_client; content:"GET"; http_method; content:"/evilgrou-tech/drive/refs/heads/main/launcher.bat"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789481/; classtype:trojan-activity;sid:84652581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789479)"; flow:established,from_client; content:"GET"; http_method; content:"/evilgrou-tech/drive/refs/heads/main/forex.ps1"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789479/; classtype:trojan-activity;sid:84652579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3789480)"; flow:established,from_client; content:"GET"; http_method; content:"/evilgrou-tech/drive/refs/heads/main/pz-reversals.ps1"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789480/; classtype:trojan-activity;sid:84652580; rev:1;)
# How the rules below match: only GET requests are considered, and each
# content is pinned to its whole buffer -- depth:N equals the pattern length,
# so the pattern must start at offset 0, and isdataat:!1,relative requires
# that no byte follows it. The URI pattern is matched case-insensitively
# (nocase). The result is an exact-string match on URI and on Host, so a
# request for the same path with a query string or an extra path segment
# does not alert.
# NOTE(review): a Host header carrying an explicit ":port" may or may not be
# normalized away by the engine before http_host is matched -- confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.68.198.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789478/; classtype:trojan-activity;sid:84652578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.235.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789477/; classtype:trojan-activity;sid:84652577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.191.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789476/; classtype:trojan-activity;sid:84652576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.102.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; 
reference:url, urlhaus.abuse.ch/url/3789475/; classtype:trojan-activity;sid:84652575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.230.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789474/; classtype:trojan-activity;sid:84652574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.234.207.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789473/; classtype:trojan-activity;sid:84652573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.191.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789472/; classtype:trojan-activity;sid:84652572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789471)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789471/; classtype:trojan-activity;sid:84652571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789470)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.ps1"; 
http_uri; depth:12; isdataat:!1,relative; nocase; content:"35.231.116.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789470/; classtype:trojan-activity;sid:84652570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.230.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789469/; classtype:trojan-activity;sid:84652569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.155.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789468/; classtype:trojan-activity;sid:84652568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.112.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789467/; classtype:trojan-activity;sid:84652567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789466)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/csplay138.apk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"csplay168.games"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789466/; classtype:trojan-activity;sid:84652566; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789464)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/fullbet138.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"fullbet138.games"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789464/; classtype:trojan-activity;sid:84652564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789465)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/spacemanslot88.apk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"spacemanslot88.games"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789465/; classtype:trojan-activity;sid:84652565; rev:1;)
# NOTE(review): the hosts in the next two rules look like a software vendor's
# download domain and a cloud object-storage endpoint rather than
# attacker-owned infrastructure -- confirm before acting on the host. Because
# such hosts can also serve unrelated content, keep the response scoped to
# the exact host + path pair in the rule (and the referenced URLhaus entry)
# instead of blocking the whole domain.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789463)"; flow:established,from_client; content:"GET"; http_method; content:"/pptv(pplive)_forap_1084_9993.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"download.pplive.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789463/; classtype:trojan-activity;sid:84652563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789461)"; flow:established,from_client; content:"GET"; http_method; content:"/ti/dajoke2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"imagefiles-backup.oss-ap-southeast-7.aliyuncs.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789461/; classtype:trojan-activity;sid:84652561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789460)"; flow:established,from_client; content:"GET"; http_method; 
content:"/screenconnect.clientsetup.msi"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"pub-c62500800d9244beabd2934a10b4770b.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789460/; classtype:trojan-activity;sid:84652560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789459)"; flow:established,from_client; content:"GET"; http_method; content:"/app_sub/pkg/tcpatel-tcpateiu-release-2.0.apk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"apk.tcpateiu.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789459/; classtype:trojan-activity;sid:84652559; rev:1;)
# NOTE(review): the URI pattern in the next rule is percent-encoded (%e3%83...)
# but is matched with http_uri. If the engine percent-decodes the path when it
# builds that buffer, the literal "%e3..." text is never present and the rule
# cannot fire -- verify against a test request, and if so match the undecoded
# request line instead (e.g. http_raw_uri).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789458)"; flow:established,from_client; content:"GET"; http_method; content:"/%e3%83%87%e3%83%bc%e3%82%bf%e3%83%ac%e3%83%9d%e3%83%bc%e3%83%88.rar"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"168-1393918816.cos.ap-tokyo.myqcloud.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789458/; classtype:trojan-activity;sid:84652558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.234.207.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789456/; classtype:trojan-activity;sid:84652556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789457)"; flow:established,from_client; content:"GET"; http_method; content:"/public/alamintelecomv1.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; 
content:"alamintelecom.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789457/; classtype:trojan-activity;sid:84652557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.68.198.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789455/; classtype:trojan-activity;sid:84652555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.155.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789454/; classtype:trojan-activity;sid:84652554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.67.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789453/; classtype:trojan-activity;sid:84652553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.112.189.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789452/; classtype:trojan-activity;sid:84652552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3789451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.112.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789451/; classtype:trojan-activity;sid:84652551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789450)"; flow:established,from_client; content:"GET"; http_method; content:"/printerm.psd"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"107.173.143.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789450/; classtype:trojan-activity;sid:84652550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789444)"; flow:established,from_client; content:"GET"; http_method; content:"/pere61.mdp"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"107.173.143.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789444/; classtype:trojan-activity;sid:84652544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789445)"; flow:established,from_client; content:"GET"; http_method; content:"/ddssyn.aaf"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"107.173.143.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789445/; classtype:trojan-activity;sid:84652545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789446)"; flow:established,from_client; content:"GET"; http_method; content:"/terri.toc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.173.143.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, 
urlhaus.abuse.ch/url/3789446/; classtype:trojan-activity;sid:84652546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789447)"; flow:established,from_client; content:"GET"; http_method; content:"/fjhertlkrby141.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"107.173.143.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789447/; classtype:trojan-activity;sid:84652547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789448)"; flow:established,from_client; content:"GET"; http_method; content:"/hqxzltgggieidqtl65.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"107.173.143.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789448/; classtype:trojan-activity;sid:84652548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789449)"; flow:established,from_client; content:"GET"; http_method; content:"/download"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"yandex-app.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789449/; classtype:trojan-activity;sid:84652549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.114.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789443/; classtype:trojan-activity;sid:84652543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789442)"; flow:established,from_client; content:"GET"; http_method; 
content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.86.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789442/; classtype:trojan-activity;sid:84652542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.150.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789441/; classtype:trojan-activity;sid:84652541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.95.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789440/; classtype:trojan-activity;sid:84652540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.67.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789439/; classtype:trojan-activity;sid:84652539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.152.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789437/; classtype:trojan-activity;sid:84652537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3789438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.221.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789438/; classtype:trojan-activity;sid:84652538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.32.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789436/; classtype:trojan-activity;sid:84652536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.213.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789435/; classtype:trojan-activity;sid:84652535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.95.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789434/; classtype:trojan-activity;sid:84652534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.235.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; 
reference:url, urlhaus.abuse.ch/url/3789433/; classtype:trojan-activity;sid:84652533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.184.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789432/; classtype:trojan-activity;sid:84652532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.233.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789431/; classtype:trojan-activity;sid:84652531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.152.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789430/; classtype:trojan-activity;sid:84652530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.254.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789429/; classtype:trojan-activity;sid:84652529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; 
depth:7; isdataat:!1,relative; nocase; content:"223.112.189.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789428/; classtype:trojan-activity;sid:84652528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.254.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789427/; classtype:trojan-activity;sid:84652527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.186.230.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789426/; classtype:trojan-activity;sid:84652526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.184.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789425/; classtype:trojan-activity;sid:84652525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.233.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789423/; classtype:trojan-activity;sid:84652523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3789424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.14.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789424/; classtype:trojan-activity;sid:84652524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.86.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789422/; classtype:trojan-activity;sid:84652522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789421)"; flow:established,from_client; content:"GET"; http_method; content:"/img/a/optimized_msi.png"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"192.3.176.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789421/; classtype:trojan-activity;sid:84652521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789420)"; flow:established,from_client; content:"GET"; http_method; content:"/jesses.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"62.60.226.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789420/; classtype:trojan-activity;sid:84652520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.144.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; 
reference:url, urlhaus.abuse.ch/url/3789419/; classtype:trojan-activity;sid:84652519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.14.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789418/; classtype:trojan-activity;sid:84652518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.235.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789417/; classtype:trojan-activity;sid:84652517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.70.228.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789416/; classtype:trojan-activity;sid:84652516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.144.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789415/; classtype:trojan-activity;sid:84652515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"110.246.85.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789414/; classtype:trojan-activity;sid:84652514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.238.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789413/; classtype:trojan-activity;sid:84652513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.235.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789412/; classtype:trojan-activity;sid:84652512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.238.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789411/; classtype:trojan-activity;sid:84652511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.233.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789410/; classtype:trojan-activity;sid:84652510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3789409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.128.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789409/; classtype:trojan-activity;sid:84652509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.78.209.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789408/; classtype:trojan-activity;sid:84652508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789407)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"doth09.caliphdotham.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789407/; classtype:trojan-activity;sid:84652507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.95.54.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789406/; classtype:trojan-activity;sid:84652506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.128.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; 
reference:url, urlhaus.abuse.ch/url/3789405/; classtype:trojan-activity;sid:84652505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.116.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789404/; classtype:trojan-activity;sid:84652504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.233.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789403/; classtype:trojan-activity;sid:84652503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.95.54.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789402/; classtype:trojan-activity;sid:84652502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789401)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cal-v1.caliphdotham.in.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789401/; classtype:trojan-activity;sid:84652501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789399)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.53.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789399/; classtype:trojan-activity;sid:84652499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.47.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789400/; classtype:trojan-activity;sid:84652500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.190.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789398/; classtype:trojan-activity;sid:84652498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.127.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789397/; classtype:trojan-activity;sid:84652497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.93.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789396/; classtype:trojan-activity;sid:84652496; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.248.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789395/; classtype:trojan-activity;sid:84652495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.5.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789394/; classtype:trojan-activity;sid:84652494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.116.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789393/; classtype:trojan-activity;sid:84652493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.141.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789392/; classtype:trojan-activity;sid:84652492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.147.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 
2026_03_04; reference:url, urlhaus.abuse.ch/url/3789391/; classtype:trojan-activity;sid:84652491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789390)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"doth-sync.caliphdotham.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789390/; classtype:trojan-activity;sid:84652490; rev:1;)
# Exact-URL rule: GET for one URI on one host, both anchored with depth + isdataat:!1,relative.
# NOTE(review): depth:53 is the character count of the escaped pattern text; the pattern itself
# decodes to 38 bytes (|3f| and each |7c| are one byte). isdataat:!1,relative still pins the match
# to the end of the URI buffer, but the start is not pinned to offset 0 as in the neighbouring rules.
# NOTE(review): the |7c|26|7c| runs look like a double-escaped |26| ("&"). If so, this matches the
# literal text "|26|" rather than "&" and would miss the reported URL; confirm against the URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789389)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=lggfeaqvjwlivouz"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"olf4rjbg.hardmosolenog.digital"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789389/; classtype:trojan-activity;sid:84652489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.199.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789388/; classtype:trojan-activity;sid:84652488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.251.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789387/; classtype:trojan-activity;sid:84652487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3789386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.93.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789386/; classtype:trojan-activity;sid:84652486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.173.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789385/; classtype:trojan-activity;sid:84652485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.61.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789384/; classtype:trojan-activity;sid:84652484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.173.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789383/; classtype:trojan-activity;sid:84652483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.141.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789382/; 
classtype:trojan-activity;sid:84652482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789381)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cal-node.caliphdotham.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789381/; classtype:trojan-activity;sid:84652481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.121.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789379/; classtype:trojan-activity;sid:84652479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.9.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789380/; classtype:trojan-activity;sid:84652480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789378)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.199.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789378/; classtype:trojan-activity;sid:84652478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; 
nocase; content:"115.61.47.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789377/; classtype:trojan-activity;sid:84652477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.1.187"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789376/; classtype:trojan-activity;sid:84652476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.26.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789375/; classtype:trojan-activity;sid:84652475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789373)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"susp03.suspendvector.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789373/; classtype:trojan-activity;sid:84652473; rev:1;)
# Exact-URL rule: GET for one URI on one host, both anchored with depth + isdataat:!1,relative.
# NOTE(review): depth:53 is the character count of the escaped pattern text; the pattern itself
# decodes to 38 bytes (|3f| and each |7c| are one byte). isdataat:!1,relative still pins the match
# to the end of the URI buffer, but the start is not pinned to offset 0 as in the neighbouring rules.
# NOTE(review): the |7c|26|7c| runs look like a double-escaped |26| ("&"). If so, this matches the
# literal text "|26|" rather than "&" and would miss the reported URL; confirm against the URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789374)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|=check|7c|26|7c||7c|26|7c|actmn=earrcvnuxjtutqld"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"2v42nbtg.deliainaturner.digital"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789374/; classtype:trojan-activity;sid:84652474; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.121.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789372/; classtype:trojan-activity;sid:84652472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789371)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vec-v1.suspendvector.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789371/; classtype:trojan-activity;sid:84652471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.135.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789370/; classtype:trojan-activity;sid:84652470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789369)"; flow:established,from_client; content:"GET"; http_method; content:"/kbikdoe.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mobshah.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789369/; classtype:trojan-activity;sid:84652469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"112.248.107.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789368/; classtype:trojan-activity;sid:84652468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789367)"; flow:established,from_client; content:"GET"; http_method; content:"/sys.vbs"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dmaii.co"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789367/; classtype:trojan-activity;sid:84652467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789366)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7309295924/tnrqgul.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"130.12.180.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789366/; classtype:trojan-activity;sid:84652466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789365)"; flow:established,from_client; content:"GET"; http_method; content:"/force/win_driver_ssl_support_v43.22.209.44.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"mgtms.cc"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789365/; classtype:trojan-activity;sid:84652465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789364)"; flow:established,from_client; content:"GET"; http_method; content:"/100/img_043611.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"192.3.176.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789364/; classtype:trojan-activity;sid:84652464; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789363)"; flow:established,from_client; content:"GET"; http_method; content:"/force/printer_driver_ssl_support_v43.22.209.99.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"mgtms.cc"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789363/; classtype:trojan-activity;sid:84652463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789359)"; flow:established,from_client; content:"GET"; http_method; content:"/file/fac_2026_1819465741.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"workflow-rest-wars-cargo.trycloudflare.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789359/; classtype:trojan-activity;sid:84652459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789360)"; flow:established,from_client; content:"GET"; http_method; content:"/axqgcwj.bat"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"workflow-rest-wars-cargo.trycloudflare.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789360/; classtype:trojan-activity;sid:84652460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789361)"; flow:established,from_client; content:"GET"; http_method; content:"/dwgyuyb.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"workflow-rest-wars-cargo.trycloudflare.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789361/; classtype:trojan-activity;sid:84652461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789362)"; flow:established,from_client; content:"GET"; 
http_method; content:"/ab/a.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"workflow-rest-wars-cargo.trycloudflare.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789362/; classtype:trojan-activity;sid:84652462; rev:1;)
# NOTE(review): `alert http` rules only see requests the sensor can read in cleartext. The URL scheme
# is not visible in the rule; if this host is served over HTTPS, the rule fires only behind TLS
# inspection, and a TLS SNI or DNS detection on the host name would be needed otherwise. Confirm
# against the URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789358)"; flow:established,from_client; content:"GET"; http_method; content:"/tcjvzdz.wsh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"workflow-rest-wars-cargo.trycloudflare.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789358/; classtype:trojan-activity;sid:84652458; rev:1;)
# Exact-URL rule whose URI pattern is the percent-encoded form of a UTF-8 file name (68 characters,
# matching depth:68).
# NOTE(review): http_uri is the normalized URI buffer, where %XX escapes are normally already decoded
# to raw bytes, so the literal "%e6%90..." text is unlikely to be present and this rule may never fire.
# Presumably it needs the raw URI buffer (http_raw_uri) or the decoded bytes written as |e6 90 9c ...|
# with a matching depth. Verify by replaying a capture of the request before relying on this sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789357)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%90%9c%e7%8b%97%e6%8b%bc%e9%9f%b3%e8%be%93%e5%85%a5%e6%b3%95.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"www.sogou-shurufa.help"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789357/; classtype:trojan-activity;sid:84652457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789356)"; flow:established,from_client; content:"GET"; http_method; content:"/kgsltpy.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"workflow-rest-wars-cargo.trycloudflare.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789356/; classtype:trojan-activity;sid:84652456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789353)"; flow:established,from_client; content:"GET"; http_method; content:"/yguzspb.bat"; http_uri; depth:12; isdataat:!1,relative; nocase; 
content:"workflow-rest-wars-cargo.trycloudflare.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789353/; classtype:trojan-activity;sid:84652453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789354)"; flow:established,from_client; content:"GET"; http_method; content:"/jibjtkn.wsh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"workflow-rest-wars-cargo.trycloudflare.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789354/; classtype:trojan-activity;sid:84652454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789355)"; flow:established,from_client; content:"GET"; http_method; content:"/file/fac_2026_5784037900.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"workflow-rest-wars-cargo.trycloudflare.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789355/; classtype:trojan-activity;sid:84652455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.230.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789352/; classtype:trojan-activity;sid:84652452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.149.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789351/; 
classtype:trojan-activity;sid:84652451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.47.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789350/; classtype:trojan-activity;sid:84652450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789349)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"susp-node.suspendvector.in.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789349/; classtype:trojan-activity;sid:84652449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.135.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789348/; classtype:trojan-activity;sid:84652448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.255.29.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789347/; classtype:trojan-activity;sid:84652447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"59.95.92.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789346/; classtype:trojan-activity;sid:84652446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.182.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789345/; classtype:trojan-activity;sid:84652445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.173.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789344/; classtype:trojan-activity;sid:84652444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789343)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vec-core.suspendvector.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789343/; classtype:trojan-activity;sid:84652443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.149.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789342/; classtype:trojan-activity;sid:84652442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3789341)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789341/; classtype:trojan-activity;sid:84652441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789332)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789332/; classtype:trojan-activity;sid:84652432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789333)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789333/; classtype:trojan-activity;sid:84652433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789334)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789334/; classtype:trojan-activity;sid:84652434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789335)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789335/; classtype:trojan-activity;sid:84652435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789336)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789336/; classtype:trojan-activity;sid:84652436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789337)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"130.12.180.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789337/; classtype:trojan-activity;sid:84652437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789338)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.12.180.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789338/; classtype:trojan-activity;sid:84652438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789339)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789339/; classtype:trojan-activity;sid:84652439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789340)"; flow:established,from_client; 
content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"178.16.52.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789340/; classtype:trojan-activity;sid:84652440; rev:1;)
# Rules below are URLhaus feed entries, restored to one rule per line; rule text is unchanged.
# Shape shared by every entry: client-side HTTP GET from $HOME_NET whose URI and Host each
# match one listed value. depth:N plus isdataat:!1,relative is meant to pin the content to
# the whole buffer (exact match, not substring). Both ports are "any".
# Triage: "/bin.sh" and "/i" are generic paths, so the Host value is what identifies the
# indicator. Hosts given as IP literals can change hands; weigh metadata:created_at.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789331/; classtype:trojan-activity;sid:84652431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.173.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789330/; classtype:trojan-activity;sid:84652430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.5.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789329/; classtype:trojan-activity;sid:84652429; rev:1;)
# "/verification.google" recurs on sibling hosts under croprotation.in.net (rot04, crop-v2,
# rot-node in this run). Each rule pins one exact hostname, so another sibling would not
# match. NOTE(review): consider a parent-domain watch in DNS logs as a complement.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789328)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"rot04.croprotation.in.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789328/; classtype:trojan-activity;sid:84652428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.9.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789327/; classtype:trojan-activity;sid:84652427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.51.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789326/; classtype:trojan-activity;sid:84652426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.65.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789325/; classtype:trojan-activity;sid:84652425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789324)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"crop-v2.croprotation.in.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789324/; classtype:trojan-activity;sid:84652424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.242.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789323/; classtype:trojan-activity;sid:84652423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.24.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789322/; classtype:trojan-activity;sid:84652422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.226.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789321/; classtype:trojan-activity;sid:84652421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789320)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"rot-node.croprotation.in.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789320/; classtype:trojan-activity;sid:84652420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.50.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789319/; classtype:trojan-activity;sid:84652419; rev:1;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.102.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789318/; classtype:trojan-activity;sid:84652418; rev:1;)
# URLhaus feed entries, one rule per line (text unchanged). Each fires on the request side
# only (flow:established,from_client; GET): an alert shows that an internal host asked for
# the URL, not that a payload was delivered. Check the HTTP response in flow/HTTP logs.
# Several hosts in this run are listed twice, once for "/i" and once for "/bin.sh"
# (193.31.201.20, 110.37.40.215, 125.41.102.83), each under its own sid; group alerts by
# Host when counting affected destinations.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.24.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789317/; classtype:trojan-activity;sid:84652417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.31.201.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789316/; classtype:trojan-activity;sid:84652416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.242.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789315/; classtype:trojan-activity;sid:84652415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.77.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789314/; classtype:trojan-activity;sid:84652414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.31.201.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789313/; classtype:trojan-activity;sid:84652413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.240.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789312/; classtype:trojan-activity;sid:84652412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.40.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789311/; classtype:trojan-activity;sid:84652411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.208.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789310/; classtype:trojan-activity;sid:84652410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.240.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789309/; classtype:trojan-activity;sid:84652409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.231.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789308/; classtype:trojan-activity;sid:84652408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.102.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789307/; classtype:trojan-activity;sid:84652407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.40.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789306/; classtype:trojan-activity;sid:84652406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.94.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789304/; classtype:trojan-activity;sid:84652404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3789305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.6.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789305/; classtype:trojan-activity;sid:84652405; rev:1;)
# URLhaus feed entries, one rule per line (text unchanged). The action is "alert", so
# these rules log a match and do not stop the transfer; blocking needs a drop action on an
# inline sensor or enforcement elsewhere (proxy, firewall).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.92.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789303/; classtype:trojan-activity;sid:84652403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.240.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789302/; classtype:trojan-activity;sid:84652402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.6.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789301/; classtype:trojan-activity;sid:84652401; rev:1;)
# crop-sync.croprotation.in.net with "/verification.google": the Host is pinned to this one
# name (depth:29 + isdataat:!1,relative), so other names under the same parent domain need
# their own entries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789300)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.google"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"crop-sync.croprotation.in.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789300/; classtype:trojan-activity;sid:84652400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.94.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789299/; classtype:trojan-activity;sid:84652399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.92.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789298/; classtype:trojan-activity;sid:84652398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.158.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789297/; classtype:trojan-activity;sid:84652397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.94.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789296/; classtype:trojan-activity;sid:84652396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.201.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789295/; classtype:trojan-activity;sid:84652395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.247.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789294/; classtype:trojan-activity;sid:84652394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.18.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789293/; classtype:trojan-activity;sid:84652393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.158.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789292/; classtype:trojan-activity;sid:84652392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.94.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789291/; classtype:trojan-activity;sid:84652391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3789290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.201.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789290/; classtype:trojan-activity;sid:84652390; rev:1;)
# URLhaus feed entries, one rule per line (text unchanged). Every Host in this run is an
# IP literal and every URI is "/i" or "/bin.sh". The URI alone is too generic to be an
# indicator; the rule is only as good as the IP listing is fresh (metadata:created_at
# 2026_03_04 on all of them). NOTE(review): agree on a retirement age for IP-based sids.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.30.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789289/; classtype:trojan-activity;sid:84652389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.193.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789288/; classtype:trojan-activity;sid:84652388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.28.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789287/; classtype:trojan-activity;sid:84652387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.193.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789286/; classtype:trojan-activity;sid:84652386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.18.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789285/; classtype:trojan-activity;sid:84652385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.247.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789284/; classtype:trojan-activity;sid:84652384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.61.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789283/; classtype:trojan-activity;sid:84652383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.30.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789282/; classtype:trojan-activity;sid:84652382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.61.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789281/; classtype:trojan-activity;sid:84652381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.246.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789280/; classtype:trojan-activity;sid:84652380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.21.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789279/; classtype:trojan-activity;sid:84652379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.252.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789278/; classtype:trojan-activity;sid:84652378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.27.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789277/; classtype:trojan-activity;sid:84652377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3789276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.21.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789276/; classtype:trojan-activity;sid:84652376; rev:1;)
# URLhaus feed entries, one rule per line (text unchanged). The rules are protocol "http",
# so they depend on the sensor parsing the flow as HTTP; ports are "any" on both sides and
# do not narrow the match. A request to the same host over TLS would not reach these
# buffers unless decrypted upstream of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.155.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789275/; classtype:trojan-activity;sid:84652375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"173.28.103.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789274/; classtype:trojan-activity;sid:84652374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.7.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789273/; classtype:trojan-activity;sid:84652373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.252.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789272/; classtype:trojan-activity;sid:84652372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.27.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789271/; classtype:trojan-activity;sid:84652371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.215.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789270/; classtype:trojan-activity;sid:84652370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.152.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789269/; classtype:trojan-activity;sid:84652369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.7.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789268/; classtype:trojan-activity;sid:84652368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.93.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789267/; classtype:trojan-activity;sid:84652367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.237.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789266/; classtype:trojan-activity;sid:84652366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.120.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789265/; classtype:trojan-activity;sid:84652365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.93.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789264/; classtype:trojan-activity;sid:84652364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.198.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789263/; classtype:trojan-activity;sid:84652363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3789262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.215.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789262/; classtype:trojan-activity;sid:84652362; rev:1;)
# URLhaus feed entries, one rule per line (text unchanged). Each matches a client GET whose
# URI and Host equal the listed values exactly (depth:N with isdataat:!1,relative).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789246)"; flow:established,from_client; content:"GET"; http_method; content:"/boyl7molon"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_03; reference:url, urlhaus.abuse.ch/url/3789246/; classtype:trojan-activity;sid:84652346; rev:1;)
# Next two: Host is a per-content subdomain of the ipfs.dweb.link gateway. "|3f|" is the hex
# escape for "?", so the query string is part of the exact URI match. The files are named
# *.png although the feed lists them as malware downloads; do not clear an alert on the
# extension. NOTE(review): such gateways are normally reached over HTTPS, where an
# "alert http" rule matches only if the sensor sees decrypted traffic; confirm coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789129)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|filename=generatedpayload.png"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"bafybeiedkdwsp77zcvi6477lovtfde7rwsjdz7654kdnrgmciqg5mfhwh4.ipfs.dweb.link"; http_host; depth:74; isdataat:!1,relative; metadata:created_at 2026_03_03; reference:url, urlhaus.abuse.ch/url/3789129/; classtype:trojan-activity;sid:84652229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789128)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|filename=optimized_msi.png"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"bafybeihamvbzrm2tsifa4s7xruhfnsgnkzgtk2jqwj6cwgmdxj4wqe5lm4.ipfs.dweb.link"; http_host; depth:74; isdataat:!1,relative; metadata:created_at 2026_03_03; reference:url, urlhaus.abuse.ch/url/3789128/; classtype:trojan-activity;sid:84652228; rev:1;)
# 110.37.59.217 is listed for both "/bin.sh" and "/i": two sids, one destination.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.59.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_03; reference:url, urlhaus.abuse.ch/url/3789026/; classtype:trojan-activity;sid:84652126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.59.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_03; reference:url, urlhaus.abuse.ch/url/3789021/; classtype:trojan-activity;sid:84652121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789022)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.34.190.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_03; reference:url, urlhaus.abuse.ch/url/3789022/; classtype:trojan-activity;sid:84652122; rev:1;)
# From here: many entries for one host, 77.90.61.79, differing only in the *.dick file name.
# Each URI is matched exactly, so a file name not in the feed would not alert; pivot on
# the Host value when reviewing traffic to this address.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788914)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"77.90.61.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_03; reference:url, urlhaus.abuse.ch/url/3788914/; classtype:trojan-activity;sid:84652014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788915)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"77.90.61.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_03; reference:url, urlhaus.abuse.ch/url/3788915/; classtype:trojan-activity;sid:84652015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788916)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.dick"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"77.90.61.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_03; reference:url, urlhaus.abuse.ch/url/3788916/; classtype:trojan-activity;sid:84652016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788917)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"77.90.61.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_03; reference:url, urlhaus.abuse.ch/url/3788917/; classtype:trojan-activity;sid:84652017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788918)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"77.90.61.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_03; reference:url, urlhaus.abuse.ch/url/3788918/; classtype:trojan-activity;sid:84652018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788913)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"77.90.61.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_03; reference:url, urlhaus.abuse.ch/url/3788913/; classtype:trojan-activity;sid:84652013; rev:1;)
# URI here is just "/", so this entry fires on any GET of the site root of explorer.vg
# (no query string). Expect it to be noisier than the file-specific entries; check the
# URLhaus reference before escalating.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788912)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"explorer.vg"; http_host; depth:11; isdataat:!1,relative; 
metadata:created_at 2026_03_03; reference:url, urlhaus.abuse.ch/url/3788912/; classtype:trojan-activity;sid:84652012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788911)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.dick"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"77.90.61.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_03; reference:url, urlhaus.abuse.ch/url/3788911/; classtype:trojan-activity;sid:84652011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788908)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.dick"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"77.90.61.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_03; reference:url, urlhaus.abuse.ch/url/3788908/; classtype:trojan-activity;sid:84652008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788909)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"77.90.61.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_03; reference:url, urlhaus.abuse.ch/url/3788909/; classtype:trojan-activity;sid:84652009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788905)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"77.90.61.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_03; reference:url, urlhaus.abuse.ch/url/3788905/; classtype:trojan-activity;sid:84652005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788906)"; flow:established,from_client; 
content:"GET"; http_method; content:"/x-8.6-.dick"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"77.90.61.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_03; reference:url, urlhaus.abuse.ch/url/3788906/; classtype:trojan-activity;sid:84652006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788907)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"77.90.61.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_03; reference:url, urlhaus.abuse.ch/url/3788907/; classtype:trojan-activity;sid:84652007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.251.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_03; reference:url, urlhaus.abuse.ch/url/3788813/; classtype:trojan-activity;sid:84651913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788594)"; flow:established,from_client; content:"GET"; http_method; content:"/at.7z"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"whovcs.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_02; reference:url, urlhaus.abuse.ch/url/3788594/; classtype:trojan-activity;sid:84651694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788571)"; flow:established,from_client; content:"GET"; http_method; content:"/loader/rankup/free/freefortnitecheat.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"wpgbf1zg-5500.euw.devtunnels.ms"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_02; reference:url, 
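urlhaus.abuse.ch/url/3788571/; classtype:trojan-activity;sid:84651671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788572)"; flow:established,from_client; content:"GET"; http_method; content:"/loader/rankup/free/freefortnitecleaner.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"wpgbf1zg-5500.euw.devtunnels.ms"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_02; reference:url, urlhaus.abuse.ch/url/3788572/; classtype:trojan-activity;sid:84651672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788401)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"200.122.211.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_02; reference:url, urlhaus.abuse.ch/url/3788401/; classtype:trojan-activity;sid:84651490; rev:1;)
# NOTE(review): depth on the next rule was 31, the length of the escaped rule text
# (|3f| counted as 4 characters). The decoded content is 28 bytes, so depth is set
# to 28; with isdataat:!1,relative this anchors the match to the whole URI again.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788390)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|filename=optimized_msi.png"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"bafybeig5e7vfagk6xs4b2kk6s2bgaqm4trr56whisnhzirxutlovqkcnli.ipfs.dweb.link"; http_host; depth:74; isdataat:!1,relative; metadata:created_at 2026_03_02; reference:url, urlhaus.abuse.ch/url/3788390/; classtype:trojan-activity;sid:84651490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788389)"; flow:established,from_client; content:"GET"; http_method; content:"/components/com_media/m1vebzk/jt1wulk/wxhmvac/new/optimized_msi.png"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"chungminhtaichinhsaigon.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_02; reference:url, urlhaus.abuse.ch/url/3788389/; classtype:trojan-activity;sid:84651489; rev:1;)
# NOTE(review): the nine firebasestorage.googleapis.com rules below originally had
# "|7c|26|7c|" between "alt=media" and "token=". That decodes to the four literal
# bytes "|26|", not to "&" (0x26); it looks like the generator escaped "&" and then
# escaped the resulting pipes again, so the rules could not match a request for
# "?alt=media&token=...". The separator is written as |26| here.
# depth had also been computed on the escaped text, 12 more than the decoded
# length; it is reduced by 12 in each rule so the content is anchored at offset 0.
# Feed-side escaping should be confirmed with the publisher before relying on these.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788385)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/anyaa-7c774.firebasestorage.app/o/adst.png|3f|alt=media|26|token=1b9eeb56-f64c-408e-9d7c-e117bff677a3"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_02; reference:url, urlhaus.abuse.ch/url/3788385/; classtype:trojan-activity;sid:84651485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788386)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/anyaa-7c774.firebasestorage.app/o/img_optimized_msi.png|3f|alt=media|26|token=c308e6bd-473a-4961-8306-1293ef430349"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_02; reference:url, urlhaus.abuse.ch/url/3788386/; classtype:trojan-activity;sid:84651486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788387)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/anyaa-7c774.firebasestorage.app/o/cr7.png|3f|alt=media|26|token=aa685aba-4c75-4b89-b8f0-ff3a2da75823"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_02; reference:url, urlhaus.abuse.ch/url/3788387/; classtype:trojan-activity;sid:84651487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788388)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/anyaa-7c774.firebasestorage.app/o/fuckoff.png|3f|alt=media|26|token=8f3e360a-7d2b-47ff-bf9e-6d560c0f0ee4"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_02; reference:url, urlhaus.abuse.ch/url/3788388/; classtype:trojan-activity;sid:84651488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788381)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/anyaa-7c774.firebasestorage.app/o/tucu1.png|3f|alt=media|26|token=1920548c-be4e-47ac-86d9-f975034c24e7"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_02; reference:url, urlhaus.abuse.ch/url/3788381/; classtype:trojan-activity;sid:84651481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788382)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/anyaa-7c774.firebasestorage.app/o/seba.png|3f|alt=media|26|token=93d4584d-ac8c-42ff-b7b0-26d859f0197f"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_02; reference:url, urlhaus.abuse.ch/url/3788382/; classtype:trojan-activity;sid:84651482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788383)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/anyaa-7c774.firebasestorage.app/o/toto1.png|3f|alt=media|26|token=aa683698-53b7-4927-bf97-84f1639b5cda"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_02; reference:url, urlhaus.abuse.ch/url/3788383/; classtype:trojan-activity;sid:84651483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788384)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/anyaa-7c774.firebasestorage.app/o/wowow1.png|3f|alt=media|26|token=69f4a496-8bf1-4a7c-b3e5-d6cbb4040a0a"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_02; reference:url, urlhaus.abuse.ch/url/3788384/; classtype:trojan-activity;sid:84651484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788380)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/anyaa-7c774.firebasestorage.app/o/0.0_msi.png|3f|alt=media|26|token=224f5f22-5377-4a28-86d8-746ec3ffdabd"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_03_02; reference:url, urlhaus.abuse.ch/url/3788380/; classtype:trojan-activity;sid:84651480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788379)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msi.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"coralasargetia.ro"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_02; reference:url, urlhaus.abuse.ch/url/3788379/; classtype:trojan-activity;sid:84651479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.247.93.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_02; reference:url, 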
urlhaus.abuse.ch/url/3788262/; classtype:trojan-activity;sid:84651362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788198)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.253.146.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3788198/; classtype:trojan-activity;sid:84651298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788192)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.253.146.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3788192/; classtype:trojan-activity;sid:84651292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788193)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.253.146.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3788193/; classtype:trojan-activity;sid:84651293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788194)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.253.146.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3788194/; classtype:trojan-activity;sid:84651294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788195)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_mpsl"; 
http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.253.146.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3788195/; classtype:trojan-activity;sid:84651295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788196)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.253.146.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3788196/; classtype:trojan-activity;sid:84651296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788197)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.253.146.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3788197/; classtype:trojan-activity;sid:84651297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788189)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.253.146.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3788189/; classtype:trojan-activity;sid:84651289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788190)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.253.146.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3788190/; classtype:trojan-activity;sid:84651290; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788191)"; flow:established,from_client; content:"GET"; http_method; content:"/csk_mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.253.146.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3788191/; classtype:trojan-activity;sid:84651291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788098)"; flow:established,from_client; content:"GET"; http_method; content:"/ymlucw/nmips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"143.20.185.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3788098/; classtype:trojan-activity;sid:84651198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788099)"; flow:established,from_client; content:"GET"; http_method; content:"/ymlucw/narm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"143.20.185.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3788099/; classtype:trojan-activity;sid:84651199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788093)"; flow:established,from_client; content:"GET"; http_method; content:"/ymlucw/nppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"143.20.185.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3788093/; classtype:trojan-activity;sid:84651193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788094)"; flow:established,from_client; content:"GET"; http_method; content:"/ymlucw/nppc440"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"143.20.185.72"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3788094/; classtype:trojan-activity;sid:84651194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788095)"; flow:established,from_client; content:"GET"; http_method; content:"/ymlucw/nx486"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"143.20.185.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3788095/; classtype:trojan-activity;sid:84651195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788096)"; flow:established,from_client; content:"GET"; http_method; content:"/ymlucw/nx86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"143.20.185.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3788096/; classtype:trojan-activity;sid:84651196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788097)"; flow:established,from_client; content:"GET"; http_method; content:"/ymlucw/nm68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"143.20.185.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3788097/; classtype:trojan-activity;sid:84651197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788092)"; flow:established,from_client; content:"GET"; http_method; content:"/ymlucw/nx86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"143.20.185.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3788092/; classtype:trojan-activity;sid:84651192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788091)"; 
flow:established,from_client; content:"GET"; http_method; content:"/ymlucw/nmpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"143.20.185.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3788091/; classtype:trojan-activity;sid:84651191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788086)"; flow:established,from_client; content:"GET"; http_method; content:"/ymlucw/narm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"143.20.185.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3788086/; classtype:trojan-activity;sid:84651186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788087)"; flow:established,from_client; content:"GET"; http_method; content:"/ymlucw/narm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"143.20.185.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3788087/; classtype:trojan-activity;sid:84651187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788088)"; flow:established,from_client; content:"GET"; http_method; content:"/ymlucw/nx686"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"143.20.185.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3788088/; classtype:trojan-activity;sid:84651188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788089)"; flow:established,from_client; content:"GET"; http_method; content:"/ymlucw/nsh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"143.20.185.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, 
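urlhaus.abuse.ch/url/3788089/; classtype:trojan-activity;sid:84651189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788090)"; flow:established,from_client; content:"GET"; http_method; content:"/ymlucw/narm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"143.20.185.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3788090/; classtype:trojan-activity;sid:84651190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788070)"; flow:established,from_client; content:"GET"; http_method; content:"/pg.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3788070/; classtype:trojan-activity;sid:84651170; rev:1;)
# NOTE(review): http_uri is the normalized URI buffer, in which a percent-encoded
# space is expected to be decoded, so the literal "%20" the next rule originally
# carried would not be present there. The space is written as |20| and depth is
# reduced from 23 to 21 to match the decoded length. To match the undecoded request
# instead, keep "%20" with depth:23 and switch the modifier to http_raw_uri.
# Confirm against the HTTP normalization settings of the deployed engine.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788064)"; flow:established,from_client; content:"GET"; http_method; content:"/64/64th|20|services.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"wpgbf1zg-5500.euw.devtunnels.ms"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3788064/; classtype:trojan-activity;sid:84651164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788062)"; flow:established,from_client; content:"GET"; http_method; content:"/64/loader.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"wpgbf1zg-5500.euw.devtunnels.ms"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3788062/; classtype:trojan-activity;sid:84651162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787958)"; flow:established,from_client; 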
content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"172.94.9.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3787958/; classtype:trojan-activity;sid:84651058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787940)"; flow:established,from_client; content:"GET"; http_method; content:"/cnvu.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"143.20.185.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3787940/; classtype:trojan-activity;sid:84651040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.93.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3787848/; classtype:trojan-activity;sid:84650948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.79.135.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3787775/; classtype:trojan-activity;sid:84650875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787676)"; flow:established,from_client; content:"GET"; http_method; content:"/babi.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"62.60.226.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_28; reference:url, urlhaus.abuse.ch/url/3787676/; classtype:trojan-activity;sid:84650776; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.98.142.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_28; reference:url, urlhaus.abuse.ch/url/3787668/; classtype:trojan-activity;sid:84650768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787669)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"116.110.179.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_28; reference:url, urlhaus.abuse.ch/url/3787669/; classtype:trojan-activity;sid:84650769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787621)"; flow:established,from_client; content:"GET"; http_method; content:"/purplefinal.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"34.171.22.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_28; reference:url, urlhaus.abuse.ch/url/3787621/; classtype:trojan-activity;sid:84650721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787545)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"oficialrem.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_02_28; reference:url, urlhaus.abuse.ch/url/3787545/; classtype:trojan-activity;sid:84650645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787544)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.js"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"oficialrem.duckdns.org"; 
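http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_02_28; reference:url, urlhaus.abuse.ch/url/3787544/; classtype:trojan-activity;sid:84650644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787543)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.bat"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"oficialrem.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_02_28; reference:url, urlhaus.abuse.ch/url/3787543/; classtype:trojan-activity;sid:84650643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787504)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"116.101.73.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_28; reference:url, urlhaus.abuse.ch/url/3787504/; classtype:trojan-activity;sid:84650604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787422)"; flow:established,from_client; content:"GET"; http_method; content:"/copal.psd"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"146.103.105.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_28; reference:url, urlhaus.abuse.ch/url/3787422/; classtype:trojan-activity;sid:84650522; rev:1;)
# NOTE(review): depth on the two ipfs.dweb.link rules below was 36 and 34, the
# length of the escaped rule text (|3f| counted as 4 characters). The decoded
# contents are 33 and 31 bytes, so depth is set to those values; together with
# isdataat:!1,relative this anchors each match to the whole URI.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787415)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|filename=22222optimized_msi.png"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"bafybeihmvo5nbtacxb7bx6bzla7adpg7ldm2ud3fqbom6724ajlki42urq.ipfs.dweb.link"; http_host; depth:74; isdataat:!1,relative; metadata:created_at 2026_02_28; reference:url, urlhaus.abuse.ch/url/3787415/; classtype:trojan-activity;sid:84650515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787416)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|filename=xxwconvertedfile.txt"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"bafybeidp7zdy2lu6yxvbgoev4b6xokuaa6jljr34vkflxzel2ya2gc3plm.ipfs.dweb.link"; http_host; depth:74; isdataat:!1,relative; metadata:created_at 2026_02_28; reference:url, urlhaus.abuse.ch/url/3787416/; classtype:trojan-activity;sid:84650516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.103.0.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_28; reference:url, urlhaus.abuse.ch/url/3787362/; classtype:trojan-activity;sid:84650462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.163.134.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_28; reference:url, urlhaus.abuse.ch/url/3787339/; classtype:trojan-activity;sid:84650439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.163.134.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_28; reference:url, urlhaus.abuse.ch/url/3787331/; classtype:trojan-activity;sid:84650431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787273)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; 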
isdataat:!1,relative; nocase; content:"175.207.169.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_28; reference:url, urlhaus.abuse.ch/url/3787273/; classtype:trojan-activity;sid:84650373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787193)"; flow:established,from_client; content:"GET"; http_method; content:"/abdullah7cv/axios-with-proxies/refs/heads/main/opalish/proxies-axios-with-2.5.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3787193/; classtype:trojan-activity;sid:84650293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787134)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"82.223.44.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3787134/; classtype:trojan-activity;sid:84650234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787120)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"82.223.44.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3787120/; classtype:trojan-activity;sid:84650220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787121)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"82.223.44.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, 
urlhaus.abuse.ch/url/3787121/; classtype:trojan-activity;sid:84650221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787122)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"82.223.44.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3787122/; classtype:trojan-activity;sid:84650222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787123)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"82.223.44.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3787123/; classtype:trojan-activity;sid:84650223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787124)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"82.223.44.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3787124/; classtype:trojan-activity;sid:84650224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787125)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.223.44.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3787125/; classtype:trojan-activity;sid:84650225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787126)"; flow:established,from_client; content:"GET"; http_method; 
content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"82.223.44.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3787126/; classtype:trojan-activity;sid:84650226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787127)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"82.223.44.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3787127/; classtype:trojan-activity;sid:84650227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787128)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"82.223.44.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3787128/; classtype:trojan-activity;sid:84650228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787129)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"82.223.44.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3787129/; classtype:trojan-activity;sid:84650229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787130)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"82.223.44.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3787130/; 
classtype:trojan-activity;sid:84650230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787132)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"82.223.44.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3787132/; classtype:trojan-activity;sid:84650232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787133)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"82.223.44.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3787133/; classtype:trojan-activity;sid:84650233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787091)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"86.106.143.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3787091/; classtype:trojan-activity;sid:84650191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787083)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.165.6.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3787083/; classtype:trojan-activity;sid:84650183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787078)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; 
isdataat:!1,relative; nocase; content:"171.235.194.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3787078/; classtype:trojan-activity;sid:84650178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"137.175.205.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3787075/; classtype:trojan-activity;sid:84650175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787077)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.142.77.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3787077/; classtype:trojan-activity;sid:84650177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.117.6.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3787069/; classtype:trojan-activity;sid:84650169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787067)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.86.246.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3787067/; classtype:trojan-activity;sid:84650167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3787065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.120.108.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3787065/; classtype:trojan-activity;sid:84650165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787066)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.1.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3787066/; classtype:trojan-activity;sid:84650166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786987)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/upl/aih2q8_tdpwa9w6hskn5/539869.pdf"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"www.kotojuki.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786987/; classtype:trojan-activity;sid:84650087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786982)"; flow:established,from_client; content:"GET"; http_method; content:"/jack5tr.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786982/; classtype:trojan-activity;sid:84650082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786983)"; flow:established,from_client; content:"GET"; http_method; content:"/abc1.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2026_02_27; reference:url, urlhaus.abuse.ch/url/3786983/; classtype:trojan-activity;sid:84650083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786984)"; flow:established,from_client; content:"GET"; http_method; content:"/abc3.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786984/; classtype:trojan-activity;sid:84650084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786985)"; flow:established,from_client; content:"GET"; http_method; content:"/abc2.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786985/; classtype:trojan-activity;sid:84650085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786981)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786981/; classtype:trojan-activity;sid:84650081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786898)"; flow:established,from_client; content:"GET"; http_method; content:"/notepad.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"igw.myfirewall.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786898/; classtype:trojan-activity;sid:84649998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786899)"; flow:established,from_client; content:"GET"; 
http_method; content:"/powerpoint.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bmh-global.myfirewall.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786899/; classtype:trojan-activity;sid:84649999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786888)"; flow:established,from_client; content:"GET"; http_method; content:"/ssa_statement.msi"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"bnet.playm8ru.win"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786888/; classtype:trojan-activity;sid:84649988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786879)"; flow:established,from_client; content:"GET"; http_method; content:"/ssa_statement.msi"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"bnet-api.playm8ru.win"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786879/; classtype:trojan-activity;sid:84649979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786841)"; flow:established,from_client; content:"GET"; http_method; content:"/ssa_statement.msi"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"212.224.107.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786841/; classtype:trojan-activity;sid:84649941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.220.116.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, 
urlhaus.abuse.ch/url/3786753/; classtype:trojan-activity;sid:84649853; rev:1;)
# Rule shape used throughout this feed: GET request, the whole http_uri pinned
# (depth equals the string length and isdataat:!1,relative rejects any trailing
# byte; nocase follows the URI match), and the whole http_host pinned the same way.
# As written, the same path with anything appended (for example a query string)
# would not match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.220.116.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786743/; classtype:trojan-activity;sid:84649843; rev:1;)
# --- Archives served from github.com / raw.githubusercontent.com -------------
# Most entries come in pairs for the same repository file: one rule for the
# raw.githubusercontent.com path and one for the github.com ".../raw/..." path.
# The host is a shared platform, so the indicator is the owner/repository path in
# http_uri, not the host; do not turn these into host-level blocks.
# NOTE(review): these are `alert http` rules and only see traffic the sensor can
# parse as HTTP. Both hosts are normally reached over HTTPS, so without TLS
# decryption in front of the sensor these sids will presumably never fire.
# Confirm, and cover the same URLs from proxy or endpoint telemetry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786728)"; flow:established,from_client; content:"GET"; http_method; content:"/clieez/cracked-price-history-tracker-spend-lens-buyhatke/refs/heads/main/ustorious/buyhatke_spend_price_history_tracker_lens_cracked_1.9.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786728/; classtype:trojan-activity;sid:84649828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786729)"; flow:established,from_client; content:"GET"; http_method; content:"/clieez/cracked-price-history-tracker-spend-lens-buyhatke/raw/refs/heads/main/ustorious/buyhatke_spend_price_history_tracker_lens_cracked_1.9.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786729/; classtype:trojan-activity;sid:84649829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786727)"; flow:established,from_client; content:"GET"; http_method; content:"/jyng2002/cracked-enhancer-for-trello-extension/raw/refs/heads/main/hangworthy/cracked_trello_enhancer_for_extension_v1.3.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786727/; classtype:trojan-activity;sid:84649827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786726)"; flow:established,from_client; content:"GET"; http_method; content:"/jyng2002/cracked-enhancer-for-trello-extension/refs/heads/main/hangworthy/cracked_trello_enhancer_for_extension_v1.3.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786726/; classtype:trojan-activity;sid:84649826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786725)"; flow:established,from_client; content:"GET"; http_method; content:"/teskkkkk/cracked-todoist-for-chrome/raw/refs/heads/main/fieldworker/cracked-chrome-for-todoist-v3.0.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786725/; classtype:trojan-activity;sid:84649825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786724)"; flow:established,from_client; content:"GET"; http_method; content:"/teskkkkk/cracked-todoist-for-chrome/refs/heads/main/fieldworker/cracked-chrome-for-todoist-v3.0.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786724/; classtype:trojan-activity;sid:84649824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786721)"; flow:established,from_client; content:"GET"; http_method; content:"/maybedesxie7/cracked-webpage-annotator-extension/refs/heads/main/decrepitation/cracked-annotator-webpage-extension-2.1-beta.4.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786721/; classtype:trojan-activity;sid:84649821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786720)"; flow:established,from_client; content:"GET"; http_method; content:"/maybedesxie7/cracked-webpage-annotator-extension/raw/refs/heads/main/decrepitation/cracked-annotator-webpage-extension-2.1-beta.4.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786720/; classtype:trojan-activity;sid:84649820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786715)"; flow:established,from_client; content:"GET"; http_method; content:"/darkphatom/cracked-awesome-autocomplete-for-git-hub-extension/refs/heads/main/elegit/cracked_autocomplete_for_git_extension_awesome_hub_2.5.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786715/; classtype:trojan-activity;sid:84649815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786714)"; flow:established,from_client; content:"GET"; http_method; content:"/darkphatom/cracked-awesome-autocomplete-for-git-hub-extension/raw/refs/heads/main/elegit/cracked_autocomplete_for_git_extension_awesome_hub_2.5.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786714/; classtype:trojan-activity;sid:84649814; rev:1;)
# In this pair the raw.githubusercontent.com path uses ".../main/..." without the
# "refs/heads" segment that the other raw.githubusercontent.com rules above carry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786712)"; flow:established,from_client; content:"GET"; http_method; content:"/sameeronwheels/cracked-save-to-milanote-extension/main/nonnucleated/to-extension-save-cracked-milanote-revalidate.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786712/; classtype:trojan-activity;sid:84649812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786713)"; flow:established,from_client; content:"GET"; http_method; content:"/sameeronwheels/cracked-save-to-milanote-extension/raw/refs/heads/main/nonnucleated/to-extension-save-cracked-milanote-revalidate.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786713/; classtype:trojan-activity;sid:84649813; rev:1;)
# --- End of the GitHub-hosted group ------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.252.100.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786711/; classtype:trojan-activity;sid:84649811; rev:1;)
# The next rule is split by the page's line wrapping; its remaining options are on the following source line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786671)"; flow:established,from_client; content:"GET"; http_method; content:"/free.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wpgbf1zg-5500.euw.devtunnels.ms"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_02_27; 
reference:url, urlhaus.abuse.ch/url/3786671/; classtype:trojan-activity;sid:84649771; rev:1;)
# The next two rules pin different .exe paths on the single host
# wpgbf1zg-5500.euw.devtunnels.ms.
# NOTE(review): `alert http` only inspects traffic the sensor can parse as HTTP.
# If this tunnel endpoint is served over HTTPS only (presumably, confirm), these
# rules need TLS decryption upstream to be of any use.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786669)"; flow:established,from_client; content:"GET"; http_method; content:"/rankup/freeclean/rankupservicecleaner.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"wpgbf1zg-5500.euw.devtunnels.ms"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786669/; classtype:trojan-activity;sid:84649769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786670)"; flow:established,from_client; content:"GET"; http_method; content:"/rankup/freetemp/rankupservicefreetemp.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"wpgbf1zg-5500.euw.devtunnels.ms"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786670/; classtype:trojan-activity;sid:84649770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786651)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.147.179.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786651/; classtype:trojan-activity;sid:84649751; rev:1;)
# From here on the entries carry metadata:created_at 2026_02_26.
# Duplicate match conditions: sid 84649551 and sid 84649539 both pin GET
# /result.hta on roverlink.io and differ only in msg id, reference and sid, so one
# matching request raises two alerts. Group alerts by host and URI downstream, or
# suppress one sid locally, when counting incidents.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786451)"; flow:established,from_client; content:"GET"; http_method; content:"/result.hta"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"roverlink.io"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786451/; classtype:trojan-activity;sid:84649551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786439)"; flow:established,from_client; content:"GET"; http_method; content:"/result.hta"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"roverlink.io"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786439/; classtype:trojan-activity;sid:84649539; rev:1;)
# Same file name (/02.08.2022.exe) pinned on two different IP hosts; each rule
# still requires its own exact Host value.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786364)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"115.190.250.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786364/; classtype:trojan-activity;sid:84649464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786362)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.92.169.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786362/; classtype:trojan-activity;sid:84649462; rev:1;)
# The two-byte URI "/i" is only meaningful together with the pinned Host value;
# neither content is specific on its own.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.211.255.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786361/; classtype:trojan-activity;sid:84649461; rev:1;)
# The next rule is split by the page's line wrapping; its remaining options are on the following source line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.251.133.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, 
urlhaus.abuse.ch/url/3786360/; classtype:trojan-activity;sid:84649460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.229.228.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786359/; classtype:trojan-activity;sid:84649459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.38.58.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786357/; classtype:trojan-activity;sid:84649453; rev:1;)
# Same match conditions (GET /sshd on 37.142.77.163) as sid 84650177, dated
# 2026_02_27 elsewhere in this file; one request raises an alert under both sids.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786353)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.142.77.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786353/; classtype:trojan-activity;sid:84649453; rev:1;)
# Three rules with identical match conditions (GET /sshd on 41.146.1.154): sids
# 84649447, 84649448 and 84649449 differ only in msg id, reference and sid. Sid
# 84650166 elsewhere in this file pins the same pair, so a single request yields
# four alerts. De-duplicate on host and URI in the alert pipeline, or suppress the
# redundant sids locally, so one download is not counted several times.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786347)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.1.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786347/; classtype:trojan-activity;sid:84649447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786348)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.1.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786348/; classtype:trojan-activity;sid:84649448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786349)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.1.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786349/; classtype:trojan-activity;sid:84649449; rev:1;)
# Listed as a malware download although the path ends in .jpg: triage on the
# response body and the reference entry, not on the extension in the URI.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786333)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/160064.jpg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"62.60.226.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786333/; classtype:trojan-activity;sid:84649433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786317)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"203.57.109.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786317/; classtype:trojan-activity;sid:84649417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786311)"; flow:established,from_client; content:"GET"; http_method; content:"/5r3fqt67ew531has4231.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"77.110.126.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786311/; classtype:trojan-activity;sid:84649411; rev:1;)
# The next rule is split by the page's line wrapping; its remaining fields are on the following source line.
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786308)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.242.30.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786308/; classtype:trojan-activity;sid:84649408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786309)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.242.30.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786309/; classtype:trojan-activity;sid:84649409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786310)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.242.30.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786310/; classtype:trojan-activity;sid:84649410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786299)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.242.30.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786299/; classtype:trojan-activity;sid:84649399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786300)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; 
nocase; content:"151.242.30.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786300/; classtype:trojan-activity;sid:84649400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786301)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.242.30.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786301/; classtype:trojan-activity;sid:84649401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786302)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.242.30.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786302/; classtype:trojan-activity;sid:84649402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786303)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.242.30.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786303/; classtype:trojan-activity;sid:84649403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786304)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.242.30.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786304/; classtype:trojan-activity;sid:84649404; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786305)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.242.30.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786305/; classtype:trojan-activity;sid:84649405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786306)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.242.30.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786306/; classtype:trojan-activity;sid:84649406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786307)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.242.30.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786307/; classtype:trojan-activity;sid:84649407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.88.242.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786190/; classtype:trojan-activity;sid:84649290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"24.88.242.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786184/; classtype:trojan-activity;sid:84649284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786136)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786136/; classtype:trojan-activity;sid:84649236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786137)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786137/; classtype:trojan-activity;sid:84649237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786138)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786138/; classtype:trojan-activity;sid:84649238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786139)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786139/; classtype:trojan-activity;sid:84649239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3786140)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786140/; classtype:trojan-activity;sid:84649240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786141)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786141/; classtype:trojan-activity;sid:84649241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786142)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786142/; classtype:trojan-activity;sid:84649242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786143)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786143/; classtype:trojan-activity;sid:84649243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786144)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786144/; 
classtype:trojan-activity;sid:84649244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786145)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786145/; classtype:trojan-activity;sid:84649245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786146)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786146/; classtype:trojan-activity;sid:84649246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786135)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786135/; classtype:trojan-activity;sid:84649235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785651)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.196.41.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785651/; classtype:trojan-activity;sid:84648751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785539)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; 
content:"fenbushijujuefuwu.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785539/; classtype:trojan-activity;sid:84648639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785542)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.168.95.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785542/; classtype:trojan-activity;sid:84648642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785515)"; flow:established,from_client; content:"GET"; http_method; content:"/bash.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"img.ipxxxx.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785515/; classtype:trojan-activity;sid:84648615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785516)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"img.ipxxxx.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785516/; classtype:trojan-activity;sid:84648616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785517)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"img.ipxxxx.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785517/; classtype:trojan-activity;sid:84648617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3785518)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"fenbushijujuefuwu.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785518/; classtype:trojan-activity;sid:84648618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785519)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"fenbushijujuefuwu.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785519/; classtype:trojan-activity;sid:84648619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785520)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"fenbushijujuefuwu.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785520/; classtype:trojan-activity;sid:84648620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785521)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"fenbushijujuefuwu.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785521/; classtype:trojan-activity;sid:84648621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785522)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"fenbushijujuefuwu.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_02_25; 
reference:url, urlhaus.abuse.ch/url/3785522/; classtype:trojan-activity;sid:84648622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785523)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"fenbushijujuefuwu.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785523/; classtype:trojan-activity;sid:84648623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785524)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.226.174.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785524/; classtype:trojan-activity;sid:84648624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785525)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fenbushijujuefuwu.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785525/; classtype:trojan-activity;sid:84648625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785526)"; flow:established,from_client; content:"GET"; http_method; content:"/bash.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fenbushijujuefuwu.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785526/; classtype:trojan-activity;sid:84648626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785527)"; flow:established,from_client; content:"GET"; 
http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"fenbushijujuefuwu.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785527/; classtype:trojan-activity;sid:84648627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785528)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"img.ipxxxx.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785528/; classtype:trojan-activity;sid:84648628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785529)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.226.174.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785529/; classtype:trojan-activity;sid:84648629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785530)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"img.ipxxxx.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785530/; classtype:trojan-activity;sid:84648630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785531)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"img.ipxxxx.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785531/; classtype:trojan-activity;sid:84648631; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785532)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"fenbushijujuefuwu.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785532/; classtype:trojan-activity;sid:84648632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785533)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"fenbushijujuefuwu.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785533/; classtype:trojan-activity;sid:84648633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785534)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"fenbushijujuefuwu.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785534/; classtype:trojan-activity;sid:84648634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785535)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"fenbushijujuefuwu.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785535/; classtype:trojan-activity;sid:84648635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785536)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"img.ipxxxx.com"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785536/; classtype:trojan-activity;sid:84648636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785537)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"img.ipxxxx.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785537/; classtype:trojan-activity;sid:84648637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785538)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"img.ipxxxx.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785538/; classtype:trojan-activity;sid:84648638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785511)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"img.ipxxxx.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785511/; classtype:trojan-activity;sid:84648611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785512)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"img.ipxxxx.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785512/; classtype:trojan-activity;sid:84648612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785513)"; 
flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"img.ipxxxx.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785513/; classtype:trojan-activity;sid:84648613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785514)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"img.ipxxxx.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785514/; classtype:trojan-activity;sid:84648614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785510)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"img.ipxxxx.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785510/; classtype:trojan-activity;sid:84648610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785498)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.226.174.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785498/; classtype:trojan-activity;sid:84648598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785499)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.226.174.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785499/; 
classtype:trojan-activity;sid:84648599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785500)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.226.174.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785500/; classtype:trojan-activity;sid:84648600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785501)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.226.174.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785501/; classtype:trojan-activity;sid:84648601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785502)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.226.174.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785502/; classtype:trojan-activity;sid:84648602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785503)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.226.174.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785503/; classtype:trojan-activity;sid:84648603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785504)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; 
content:"156.226.174.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785504/; classtype:trojan-activity;sid:84648604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785505)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.226.174.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785505/; classtype:trojan-activity;sid:84648605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785506)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.226.174.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785506/; classtype:trojan-activity;sid:84648606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785507)"; flow:established,from_client; content:"GET"; http_method; content:"/bash.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"156.226.174.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785507/; classtype:trojan-activity;sid:84648607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785508)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.226.174.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785508/; classtype:trojan-activity;sid:84648608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3785509)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.226.174.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785509/; classtype:trojan-activity;sid:84648609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785486)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"47.152.112.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785486/; classtype:trojan-activity;sid:84648586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785484)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.166.91.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785484/; classtype:trojan-activity;sid:84648584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.149.93.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785485/; classtype:trojan-activity;sid:84648585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785481)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.13.214.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785481/; 
classtype:trojan-activity;sid:84648581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785442)"; flow:established,from_client; content:"GET"; http_method; content:"/test/zcgo/zcgo1.vbs"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"7070-ppxcx-a1-3gg5ufwp666ee644-1300076834.tcb.qcloud.la"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785442/; classtype:trojan-activity;sid:84648542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785440)"; flow:established,from_client; content:"GET"; http_method; content:"/dhl/doc389l47.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"esr.ro"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785440/; classtype:trojan-activity;sid:84648540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785438)"; flow:established,from_client; content:"GET"; http_method; content:"/test/zcgo/go.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"7070-ppxcx-a1-3gg5ufwp666ee644-1300076834.tcb.qcloud.la"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785438/; classtype:trojan-activity;sid:84648538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785421)"; flow:established,from_client; content:"GET"; http_method; content:"/blackwall0220/roblox-discord-status-bot/raw/refs/heads/master/pelodytes/status-roblox-discord-bot-v2.8.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785421/; classtype:trojan-activity;sid:84648521; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785380)"; flow:established,from_client; content:"GET"; http_method; content:"/satish-ss/roblox-matcha/raw/refs/heads/master/bacula/matcha-roblox-v3.9-beta.1.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785380/; classtype:trojan-activity;sid:84648480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785250)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"62.60.226.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785250/; classtype:trojan-activity;sid:84648350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785197)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"62.60.226.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3785197/; classtype:trojan-activity;sid:84648297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785172)"; flow:established,from_client; content:"GET"; http_method; content:"/xdlol.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3785172/; classtype:trojan-activity;sid:84648272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785173)"; flow:established,from_client; content:"GET"; http_method; content:"/xdlol.arm6"; http_uri; depth:11; isdataat:!1,relative; 
nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3785173/; classtype:trojan-activity;sid:84648273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785174)"; flow:established,from_client; content:"GET"; http_method; content:"/xdlol.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3785174/; classtype:trojan-activity;sid:84648274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785175)"; flow:established,from_client; content:"GET"; http_method; content:"/xdlol.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3785175/; classtype:trojan-activity;sid:84648275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785176)"; flow:established,from_client; content:"GET"; http_method; content:"/xdlol.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3785176/; classtype:trojan-activity;sid:84648276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785177)"; flow:established,from_client; content:"GET"; http_method; content:"/xdlol.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3785177/; classtype:trojan-activity;sid:84648277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3785178)"; flow:established,from_client; content:"GET"; http_method; content:"/xdlol.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3785178/; classtype:trojan-activity;sid:84648278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785179)"; flow:established,from_client; content:"GET"; http_method; content:"/xdlol.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3785179/; classtype:trojan-activity;sid:84648279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785180)"; flow:established,from_client; content:"GET"; http_method; content:"/xdlol.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3785180/; classtype:trojan-activity;sid:84648280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785181)"; flow:established,from_client; content:"GET"; http_method; content:"/xdlol.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3785181/; classtype:trojan-activity;sid:84648281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785182)"; flow:established,from_client; content:"GET"; http_method; content:"/xdlol.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2026_02_24; reference:url, urlhaus.abuse.ch/url/3785182/; classtype:trojan-activity;sid:84648282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785183)"; flow:established,from_client; content:"GET"; http_method; content:"/xdlol.arc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3785183/; classtype:trojan-activity;sid:84648283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785101)"; flow:established,from_client; content:"GET"; http_method; content:"/cacti/ns1.jpg"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.56.149.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3785101/; classtype:trojan-activity;sid:84648201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785098)"; flow:established,from_client; content:"GET"; http_method; content:"/n4.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.83.39.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3785098/; classtype:trojan-activity;sid:84648198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785048)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.196.41.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3785048/; classtype:trojan-activity;sid:84648148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785050)"; flow:established,from_client; content:"GET"; http_method; 
content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.196.41.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3785050/; classtype:trojan-activity;sid:84648150; rev:1;)
# Rule template used by the entries below: a client GET on an established flow
# whose URI pattern is limited by depth to its own length and followed by
# isdataat:!1,relative (no byte after the match), with the Host value
# constrained the same way. The pair appears intended to require an exact URI
# and Host match rather than a substring match. nocase follows the URI pattern
# only. The "/mipsel", "/mips", "/arm7" and "/arm5" entries all pin Host
# 185.196.41.180, so their alerts can be triaged together as one download host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785052)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.196.41.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3785052/; classtype:trojan-activity;sid:84648152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785053)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.196.41.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3785053/; classtype:trojan-activity;sid:84648153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785054)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.196.41.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3785054/; classtype:trojan-activity;sid:84648154; rev:1;)
# NOTE(review): inside content, bytes between pipes are hex, so
# "alt=media|7c|26|7c|token=" decodes to the literal bytes "|26|" between
# "media" and "token", not to "&" (hex 26). Presumably the listed URL has "&"
# there and the generator escaped the pipes of "|26|" a second time; if so,
# this rule does not match the real request. Verify against the URLhaus entry;
# the intended pattern would then be "alt=media|26|token=".
# depth:124 equals the length of the escaped text, not of the decoded bytes.
# firebasestorage.googleapis.com is normally reached over HTTPS, so an
# "alert http" rule presumably needs decrypted traffic to see this request.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785035)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/anyaa-7c774.firebasestorage.app/o/o0p0timized_msi.png|3f|alt=media|7c|26|7c|token=a28749cc-1bea-4bd1-9c70-9d777eed205d"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; 
metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3785035/; classtype:trojan-activity;sid:84648135; rev:1;)
# The URI ends in ".png" although the feed lists the entry as a malware
# download: the file suffix says nothing about the payload type, so judge an
# alert by the URLhaus reference rather than by the extension.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784955)"; flow:established,from_client; content:"GET"; http_method; content:"/666666.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"c.fi3.me"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784955/; classtype:trojan-activity;sid:84648055; rev:1;)
# NOTE(review): inside content, bytes between pipes are hex, so
# "alt=media|7c|26|7c|token=" decodes to the literal bytes "|26|" between
# "media" and "token", not to "&" (hex 26). Presumably the listed URL has "&"
# there and the generator escaped the pipes of "|26|" a second time; if so,
# this rule does not match the real request. Verify against the URLhaus entry;
# the intended pattern would then be "alt=media|26|token=".
# depth:112 equals the length of the escaped text, not of the decoded bytes.
# firebasestorage.googleapis.com is normally reached over HTTPS, so an
# "alert http" rule presumably needs decrypted traffic to see this request.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784953)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/anyaa-7c774.firebasestorage.app/o/so1.png|3f|alt=media|7c|26|7c|token=06e11488-50fd-4273-877e-92ccc11a2e22"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784953/; classtype:trojan-activity;sid:84648053; rev:1;)
# Another ".png" URI listed as a malware download; the file name resembles the
# "o0p0timized_msi.png" object in the Firebase entry (sid 84648135), so the two
# alerts are presumably related - confirm via the URLhaus references.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784948)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/o00ptimized_msi.png"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"crixup.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784948/; classtype:trojan-activity;sid:84648048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784925)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"171.241.208.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784925/; classtype:trojan-activity;sid:84648025; rev:1;)
alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784859)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/16784059/p.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784859/; classtype:trojan-activity;sid:84647959; rev:1;)
# Same method, URI and Host conditions as the preceding rule (sid 84647959);
# only the URLhaus id in msg/reference and the sid differ. One matching request
# therefore raises two alerts - deduplicate on URI and Host during triage.
# NOTE(review): github.com is normally served over HTTPS, so these "alert http"
# rules presumably fire only where TLS is decrypted ahead of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784860)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/16784059/p.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784860/; classtype:trojan-activity;sid:84647960; rev:1;)
# "/hiddenbin/space.<suffix>" entries: one rule per file suffix (i686, sh4,
# m68k here; the suffixes look like CPU architecture names), all pinned to Host
# 64.89.163.206. Alerts that share this Host can be handled as one incident.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784815)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"64.89.163.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784815/; classtype:trojan-activity;sid:84647915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784816)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"64.89.163.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784816/; classtype:trojan-activity;sid:84647916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784804)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; 
depth:21; isdataat:!1,relative; nocase; content:"64.89.163.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784804/; classtype:trojan-activity;sid:84647904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784805)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"64.89.163.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784805/; classtype:trojan-activity;sid:84647905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784806)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"64.89.163.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784806/; classtype:trojan-activity;sid:84647906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784807)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"64.89.163.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784807/; classtype:trojan-activity;sid:84647907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784808)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"64.89.163.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784808/; classtype:trojan-activity;sid:84647908; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784809)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"64.89.163.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784809/; classtype:trojan-activity;sid:84647909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784810)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"64.89.163.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784810/; classtype:trojan-activity;sid:84647910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784811)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"64.89.163.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784811/; classtype:trojan-activity;sid:84647911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784812)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"64.89.163.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784812/; classtype:trojan-activity;sid:84647912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784813)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; 
isdataat:!1,relative; nocase; content:"64.89.163.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784813/; classtype:trojan-activity;sid:84647913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784758)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.251.133.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784758/; classtype:trojan-activity;sid:84647858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784720)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.38.58.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784720/; classtype:trojan-activity;sid:84647820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784718)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.117.6.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784718/; classtype:trojan-activity;sid:84647818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784710)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"66.229.228.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784710/; classtype:trojan-activity;sid:84647810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3784687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.client.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"ssagntroplexa.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784687/; classtype:trojan-activity;sid:84647787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.client.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"136.0.213.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784686/; classtype:trojan-activity;sid:84647786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784634)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"211.194.20.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784634/; classtype:trojan-activity;sid:84647734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784513)"; flow:established,from_client; content:"GET"; http_method; content:"/build1.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.107.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_23; reference:url, urlhaus.abuse.ch/url/3784513/; classtype:trojan-activity;sid:84647613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.118.128.34"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_02_23; reference:url, urlhaus.abuse.ch/url/3784413/; classtype:trojan-activity;sid:84647513; rev:1;)
# The URI pattern includes the query string ("|3f|" is "?") and a literal
# "%20". http_uri matches the normalized URI buffer.
# NOTE(review): whether "%20" is still present after normalization depends on
# the engine's HTTP decoding settings - confirm with a test request, or match
# the raw buffer (http_raw_uri) if the encoded form is what must be seen.
# The Host value is a single long subdomain under ipfs.dweb.link, matched in
# full (depth:74 plus the negated isdataat).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784271)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|filename=machinery%20singapore.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"bafybeidv6v7pezugmfpzwl2k2ni56nhvlyv5vaibriswtsthae5loxskpi.ipfs.dweb.link"; http_host; depth:74; isdataat:!1,relative; metadata:created_at 2026_02_23; reference:url, urlhaus.abuse.ch/url/3784271/; classtype:trojan-activity;sid:84647371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784108)"; flow:established,from_client; content:"GET"; http_method; content:"/robomegadom"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.242.3.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_23; reference:url, urlhaus.abuse.ch/url/3784108/; classtype:trojan-activity;sid:84647208; rev:1;)
# Short generic paths ("/i", "/bin.sh") carry little signal by themselves; the
# Host condition is what makes these two rules specific. Both pin Host
# 218.59.106.193, so their alerts can be triaged together.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.59.106.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783738/; classtype:trojan-activity;sid:84646838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.59.106.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783737/; classtype:trojan-activity;sid:84646837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3783712)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.156.152.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783712/; classtype:trojan-activity;sid:84646812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783713)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.152.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783713/; classtype:trojan-activity;sid:84646813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783714)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783714/; classtype:trojan-activity;sid:84646814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783715)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.152.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783715/; classtype:trojan-activity;sid:84646815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783716)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.152.23"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783716/; classtype:trojan-activity;sid:84646816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783717)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.152.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783717/; classtype:trojan-activity;sid:84646817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783708)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.156.152.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783708/; classtype:trojan-activity;sid:84646808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783709)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.156.152.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783709/; classtype:trojan-activity;sid:84646809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783710)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.152.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783710/; classtype:trojan-activity;sid:84646810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783711)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.156.152.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783711/; classtype:trojan-activity;sid:84646811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783701)"; flow:established,from_client; content:"GET"; http_method; content:"/client"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.224.79.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783701/; classtype:trojan-activity;sid:84646801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783687)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.224.79.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783687/; classtype:trojan-activity;sid:84646787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783680)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.224.79.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783680/; classtype:trojan-activity;sid:84646780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783681)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.224.79.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783681/; 
classtype:trojan-activity;sid:84646781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783679)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.152.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783679/; classtype:trojan-activity;sid:84646779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783677)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.156.152.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783677/; classtype:trojan-activity;sid:84646777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783675)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.224.79.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783675/; classtype:trojan-activity;sid:84646775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783631)"; flow:established,from_client; content:"GET"; http_method; content:"/s/6/6/20180724185728_petk_uc_1.4.0.apk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"downali.game.uc.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783631/; classtype:trojan-activity;sid:84646731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783630)"; flow:established,from_client; content:"GET"; http_method; 
content:"/%e8%b1%86%e5%8c%85%e7%81%ab%e9%be%99.rar"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"dbss180.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783630/; classtype:trojan-activity;sid:84646730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783627)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%88%92%e5%ad%a6%e5%8f%b7v2--%e6%9e%81%e9%80%9f%e7%89%88.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"xn--h6qpop2cq9nl9c.pages.dev"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783627/; classtype:trojan-activity;sid:84646727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783623)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/soft/111210/1_0048481261.rar"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cn.unionlever.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783623/; classtype:trojan-activity;sid:84646723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783624)"; flow:established,from_client; content:"GET"; http_method; content:"/approved%20document%23d53lu.msi"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"pub-bbbdebc2599c4d74b04c5d53e439f7a7.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783624/; classtype:trojan-activity;sid:84646724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783597)"; flow:established,from_client; content:"GET"; http_method; content:"/approved%20document%23402.vbs"; http_uri; depth:30; isdataat:!1,relative; nocase; 
content:"pub-bbbdebc2599c4d74b04c5d53e439f7a7.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783597/; classtype:trojan-activity;sid:84646697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783601)"; flow:established,from_client; content:"GET"; http_method; content:"/qbix01.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"sutterpoint.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783601/; classtype:trojan-activity;sid:84646701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783491)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.16.9"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783491/; classtype:trojan-activity;sid:84646591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783435)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"89.155.135.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783435/; classtype:trojan-activity;sid:84646535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783429)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"153.169.125.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783429/; classtype:trojan-activity;sid:84646529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3783430)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"117.2.125.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783430/; classtype:trojan-activity;sid:84646530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783423)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"185.60.107.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783423/; classtype:trojan-activity;sid:84646523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783426)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"87.138.104.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783426/; classtype:trojan-activity;sid:84646526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783422)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"71.32.43.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783422/; classtype:trojan-activity;sid:84646522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783412)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"103.152.141.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783412/; 
classtype:trojan-activity;sid:84646512; rev:1;)
# Root-path entries: the URI pattern is the single byte "/" with depth:1 and a
# negated isdataat, so these rules appear to fire on any GET for "/" whose Host
# equals the listed IP address. The alert carries no path detail; the Host
# value is the only discriminator, which makes these host-level indicators.
# Check the created_at date (2026_02_22) and the URLhaus reference when
# triaging, since the rule itself cannot tell what was served at "/".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783409)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"90.180.227.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783409/; classtype:trojan-activity;sid:84646509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783407)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"113.178.159.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783407/; classtype:trojan-activity;sid:84646507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783406)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"176.35.149.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783406/; classtype:trojan-activity;sid:84646506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783405)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"82.139.95.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783405/; classtype:trojan-activity;sid:84646505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783402)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"185.237.41.72"; 
http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783402/; classtype:trojan-activity;sid:84646502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783403)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"124.36.156.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783403/; classtype:trojan-activity;sid:84646503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783398)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"94.19.38.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783398/; classtype:trojan-activity;sid:84646498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783397)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"202.129.16.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783397/; classtype:trojan-activity;sid:84646497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783395)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"218.103.122.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783395/; classtype:trojan-activity;sid:84646495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783378)"; flow:established,from_client; 
content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"71.32.43.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783378/; classtype:trojan-activity;sid:84646478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783379)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"77.174.79.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783379/; classtype:trojan-activity;sid:84646479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783384)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"193.165.245.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783384/; classtype:trojan-activity;sid:84646484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783388)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"218.103.129.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783388/; classtype:trojan-activity;sid:84646488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783372)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"92.43.24.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783372/; classtype:trojan-activity;sid:84646472; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783370)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"219.76.140.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783370/; classtype:trojan-activity;sid:84646470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783369)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"121.101.79.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783369/; classtype:trojan-activity;sid:84646469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783366)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"202.175.181.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783366/; classtype:trojan-activity;sid:84646466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783363)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"109.167.133.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783363/; classtype:trojan-activity;sid:84646463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783364)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"171.225.226.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; 
reference:url, urlhaus.abuse.ch/url/3783364/; classtype:trojan-activity;sid:84646464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783365)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"182.54.141.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783365/; classtype:trojan-activity;sid:84646465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783361)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"71.32.43.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783361/; classtype:trojan-activity;sid:84646461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783362)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"103.6.179.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783362/; classtype:trojan-activity;sid:84646462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783355)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"220.246.61.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783355/; classtype:trojan-activity;sid:84646455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783352)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; 
isdataat:!1,relative; nocase; content:"84.86.236.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783352/; classtype:trojan-activity;sid:84646452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783354)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"210.149.155.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783354/; classtype:trojan-activity;sid:84646454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783342)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"84.243.234.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783342/; classtype:trojan-activity;sid:84646442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783343)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"78.44.199.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783343/; classtype:trojan-activity;sid:84646443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783344)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"79.150.114.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783344/; classtype:trojan-activity;sid:84646444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3783348)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"58.146.67.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783348/; classtype:trojan-activity;sid:84646448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783349)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"180.14.155.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783349/; classtype:trojan-activity;sid:84646449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783350)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"202.160.19.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783350/; classtype:trojan-activity;sid:84646450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783351)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"203.38.121.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783351/; classtype:trojan-activity;sid:84646451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783340)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"2.84.95.193"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783340/; 
classtype:trojan-activity;sid:84646440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783331)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"49.176.254.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783331/; classtype:trojan-activity;sid:84646431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783329)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"118.189.98.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783329/; classtype:trojan-activity;sid:84646429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783328)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"71.32.43.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783328/; classtype:trojan-activity;sid:84646428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783324)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"116.91.125.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783324/; classtype:trojan-activity;sid:84646424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783326)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"75.214.255.79"; 
http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783326/; classtype:trojan-activity;sid:84646426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783319)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"79.200.94.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783319/; classtype:trojan-activity;sid:84646419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783320)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"71.32.43.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783320/; classtype:trojan-activity;sid:84646420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783321)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"171.249.182.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783321/; classtype:trojan-activity;sid:84646421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783314)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"14.161.46.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783314/; classtype:trojan-activity;sid:84646414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783315)"; flow:established,from_client; 
content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"50.193.152.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783315/; classtype:trojan-activity;sid:84646415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783310)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"180.35.14.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783310/; classtype:trojan-activity;sid:84646410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783302)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"121.1.138.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783302/; classtype:trojan-activity;sid:84646402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783303)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"49.245.76.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783303/; classtype:trojan-activity;sid:84646403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783304)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"108.41.80.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783304/; classtype:trojan-activity;sid:84646404; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783306)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"2.238.146.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783306/; classtype:trojan-activity;sid:84646406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783307)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"72.69.23.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783307/; classtype:trojan-activity;sid:84646407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783296)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"213.165.183.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783296/; classtype:trojan-activity;sid:84646396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783293)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"104.4.43.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783293/; classtype:trojan-activity;sid:84646393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783287)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"90.90.205.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, 
urlhaus.abuse.ch/url/3783287/; classtype:trojan-activity;sid:84646387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783274)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"42.200.182.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783274/; classtype:trojan-activity;sid:84646374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783276)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"58.185.111.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783276/; classtype:trojan-activity;sid:84646376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783281)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"203.218.119.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783281/; classtype:trojan-activity;sid:84646381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783282)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"203.198.17.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783282/; classtype:trojan-activity;sid:84646382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783271)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; 
content:"202.158.94.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783271/; classtype:trojan-activity;sid:84646371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783266)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"121.6.210.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783266/; classtype:trojan-activity;sid:84646366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783268)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"190.201.154.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783268/; classtype:trojan-activity;sid:84646368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783264)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"118.136.158.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783264/; classtype:trojan-activity;sid:84646364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783262)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"180.57.46.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783262/; classtype:trojan-activity;sid:84646362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783259)"; 
flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"42.200.170.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783259/; classtype:trojan-activity;sid:84646359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783256)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"78.111.82.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783256/; classtype:trojan-activity;sid:84646356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783257)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"188.167.179.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783257/; classtype:trojan-activity;sid:84646357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783253)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"118.140.76.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783253/; classtype:trojan-activity;sid:84646353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783254)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"180.176.195.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783254/; classtype:trojan-activity;sid:84646354; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783249)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"87.248.15.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783249/; classtype:trojan-activity;sid:84646349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783250)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"84.83.80.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783250/; classtype:trojan-activity;sid:84646350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783251)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"103.123.98.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783251/; classtype:trojan-activity;sid:84646351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783252)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"153.136.164.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783252/; classtype:trojan-activity;sid:84646352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783248)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"158.140.167.192"; http_host; depth:15; isdataat:!1,relative; 
metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783248/; classtype:trojan-activity;sid:84646348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783244)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"174.71.238.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783244/; classtype:trojan-activity;sid:84646344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783246)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"109.129.108.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783246/; classtype:trojan-activity;sid:84646346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783238)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"27.109.142.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783238/; classtype:trojan-activity;sid:84646338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783242)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"93.51.102.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783242/; classtype:trojan-activity;sid:84646342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783236)"; flow:established,from_client; content:"GET"; http_method; content:"/"; 
http_uri; depth:1; isdataat:!1,relative; nocase; content:"71.32.43.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783236/; classtype:trojan-activity;sid:84646336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783232)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"153.179.12.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783232/; classtype:trojan-activity;sid:84646332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783230)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"96.49.197.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783230/; classtype:trojan-activity;sid:84646330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783231)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"220.246.34.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783231/; classtype:trojan-activity;sid:84646331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783224)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"202.158.94.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783224/; classtype:trojan-activity;sid:84646324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3783225)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"73.179.119.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783225/; classtype:trojan-activity;sid:84646325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783219)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"71.32.43.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783219/; classtype:trojan-activity;sid:84646319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783218)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"176.12.124.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783218/; classtype:trojan-activity;sid:84646318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783214)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"71.32.43.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783214/; classtype:trojan-activity;sid:84646314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783215)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"180.235.37.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783215/; 
classtype:trojan-activity;sid:84646315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783202)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"218.188.43.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783202/; classtype:trojan-activity;sid:84646302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783206)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"121.6.96.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783206/; classtype:trojan-activity;sid:84646306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783207)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"161.49.132.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783207/; classtype:trojan-activity;sid:84646307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783209)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"116.86.50.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783209/; classtype:trojan-activity;sid:84646309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783211)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"222.154.246.166"; 
http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783211/; classtype:trojan-activity;sid:84646311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783195)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"79.98.159.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783195/; classtype:trojan-activity;sid:84646295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783196)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"94.168.120.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783196/; classtype:trojan-activity;sid:84646296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783197)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"141.134.214.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783197/; classtype:trojan-activity;sid:84646297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783198)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"90.177.125.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783198/; classtype:trojan-activity;sid:84646298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783200)"; flow:established,from_client; 
content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"188.15.129.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783200/; classtype:trojan-activity;sid:84646300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783201)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"182.54.141.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783201/; classtype:trojan-activity;sid:84646301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783193)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"82.127.110.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783193/; classtype:trojan-activity;sid:84646293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783184)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"99.53.69.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783184/; classtype:trojan-activity;sid:84646284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783186)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"223.17.225.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783186/; classtype:trojan-activity;sid:84646286; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783187)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"58.87.231.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783187/; classtype:trojan-activity;sid:84646287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783189)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"118.200.67.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783189/; classtype:trojan-activity;sid:84646289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783181)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"79.25.255.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783181/; classtype:trojan-activity;sid:84646281; rev:1;)
# NOTE(review): in content syntax "|7c|26|7c|" decodes to the four literal bytes
# 0x7c '2' '6' 0x7c (the text "|26|"), not to the single byte 0x26 ("&"). If the
# listed URL separates e=access and y=guest with "&", the http_uri content in the
# screenconnect.clientsetup.msi rules below cannot match that request. This looks
# like the hex escape for "&" was escaped a second time when the rule was generated;
# confirm against the URLhaus entry named in each rule's reference before relying on them.
# depth:63 equals the length of the escaped pattern text. The decoded pattern is 54
# bytes, so the match is not pinned to offset 0 of the URI: it may begin up to 9 bytes
# in, with isdataat:!1,relative still requiring the URI to end where the match ends.
# The http_uri content is identical across these rules; only http_host differs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"2.58.56.134"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783164/; classtype:trojan-activity;sid:84646264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; 
isdataat:!1,relative; nocase; content:"45.94.31.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783166/; classtype:trojan-activity;sid:84646266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"45.94.31.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783159/; classtype:trojan-activity;sid:84646259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"124.198.131.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783160/; classtype:trojan-activity;sid:84646260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"192.159.99.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783154/; classtype:trojan-activity;sid:84646254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"185.241.208.151"; 
http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783156/; classtype:trojan-activity;sid:84646256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"124.198.131.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783157/; classtype:trojan-activity;sid:84646257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"45.94.31.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783158/; classtype:trojan-activity;sid:84646258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"2.58.56.228"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783150/; classtype:trojan-activity;sid:84646250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"45.83.31.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 
2026_02_22; reference:url, urlhaus.abuse.ch/url/3783152/; classtype:trojan-activity;sid:84646252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"193.26.115.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783145/; classtype:trojan-activity;sid:84646245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"45.94.31.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783139/; classtype:trojan-activity;sid:84646239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"45.80.158.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783127/; classtype:trojan-activity;sid:84646227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"124.198.131.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783132/; 
classtype:trojan-activity;sid:84646232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"193.26.115.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783119/; classtype:trojan-activity;sid:84646219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"45.141.215.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783120/; classtype:trojan-activity;sid:84646220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"45.88.186.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783116/; classtype:trojan-activity;sid:84646216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"84.54.33.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783112/; classtype:trojan-activity;sid:84646212; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"193.26.115.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783111/; classtype:trojan-activity;sid:84646211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"45.94.31.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783107/; classtype:trojan-activity;sid:84646207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"194.26.192.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783105/; classtype:trojan-activity;sid:84646205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"124.198.132.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783100/; classtype:trojan-activity;sid:84646200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3783101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"45.83.31.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783101/; classtype:trojan-activity;sid:84646201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"45.88.186.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783097/; classtype:trojan-activity;sid:84646197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"124.198.131.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783086/; classtype:trojan-activity;sid:84646186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"124.198.131.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783087/; classtype:trojan-activity;sid:84646187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783083)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"192.159.99.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783083/; classtype:trojan-activity;sid:84646183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"124.198.132.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783077/; classtype:trojan-activity;sid:84646177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"45.83.31.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783078/; classtype:trojan-activity;sid:84646178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"45.94.31.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783079/; classtype:trojan-activity;sid:84646179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783082)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"45.88.186.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783082/; classtype:trojan-activity;sid:84646182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"2.58.56.71"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783072/; classtype:trojan-activity;sid:84646172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"124.198.132.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783073/; classtype:trojan-activity;sid:84646173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"192.159.99.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783064/; classtype:trojan-activity;sid:84646164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783060)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"124.198.131.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783060/; classtype:trojan-activity;sid:84646160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"84.54.33.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783061/; classtype:trojan-activity;sid:84646161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"84.54.33.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783053/; classtype:trojan-activity;sid:84646153; rev:1;)
# NOTE(review): the support.client.exe rules below carry "|7c|26|7c|" three times in
# their http_uri content. In content syntax that sequence decodes to the literal bytes
# 0x7c '2' '6' 0x7c (the text "|26|"), not to 0x26 ("&"). If the listed URL joins the
# i=, e=support, y=guest and r= parameters with "&", these rules cannot match that
# request. It looks like the hex escape was escaped twice when the rule was generated;
# confirm against the URLhaus entry named in each rule's reference.
# depth:77 equals the length of the escaped pattern text. The decoded pattern is 56
# bytes, so the match may begin up to 21 bytes into the URI instead of only at offset 0,
# with isdataat:!1,relative still requiring the URI to end where the match ends.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"124.198.132.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783044/; classtype:trojan-activity;sid:84646144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783036)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"124.198.131.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783036/; classtype:trojan-activity;sid:84646136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"45.88.186.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783039/; classtype:trojan-activity;sid:84646139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"124.198.131.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783041/; classtype:trojan-activity;sid:84646141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"124.198.131.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783030/; classtype:trojan-activity;sid:84646130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783033)"; flow:established,from_client; content:"GET"; 
http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"45.83.31.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783033/; classtype:trojan-activity;sid:84646133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"45.88.186.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783001/; classtype:trojan-activity;sid:84646101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"124.198.131.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783002/; classtype:trojan-activity;sid:84646102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"45.94.31.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783003/; classtype:trojan-activity;sid:84646103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783006)"; flow:established,from_client; content:"GET"; 
http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"84.54.33.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783006/; classtype:trojan-activity;sid:84646106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"2.58.56.71"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783009/; classtype:trojan-activity;sid:84646109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"192.159.99.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783018/; classtype:trojan-activity;sid:84646118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"45.94.31.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783025/; classtype:trojan-activity;sid:84646125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782996)"; flow:established,from_client; content:"GET"; 
http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"185.241.208.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782996/; classtype:trojan-activity;sid:84646096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"45.94.31.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782997/; classtype:trojan-activity;sid:84646097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"45.88.186.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782998/; classtype:trojan-activity;sid:84646098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"45.94.31.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782999/; classtype:trojan-activity;sid:84646099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782994)"; flow:established,from_client; content:"GET"; 
http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"2.58.56.134"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782994/; classtype:trojan-activity;sid:84646094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"124.198.132.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782960/; classtype:trojan-activity;sid:84646060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"193.26.115.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782963/; classtype:trojan-activity;sid:84646063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"124.198.131.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782966/; classtype:trojan-activity;sid:84646066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782970)"; flow:established,from_client; content:"GET"; 
http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"124.198.131.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782970/; classtype:trojan-activity;sid:84646070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"193.26.115.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782972/; classtype:trojan-activity;sid:84646072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"84.54.33.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782973/; classtype:trojan-activity;sid:84646073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"194.26.192.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782975/; classtype:trojan-activity;sid:84646075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782979)"; flow:established,from_client; content:"GET"; 
http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"124.198.132.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782979/; classtype:trojan-activity;sid:84646079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"45.94.31.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782982/; classtype:trojan-activity;sid:84646082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"45.94.31.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782984/; classtype:trojan-activity;sid:84646084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"84.54.33.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782956/; classtype:trojan-activity;sid:84646056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782957)"; flow:established,from_client; content:"GET"; 
http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"124.198.131.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782957/; classtype:trojan-activity;sid:84646057; rev:1;)
# Each rule below alerts on an established, client-to-server GET from $HOME_NET to
# $EXTERNAL_NET whose URI and Host both match (URI case-insensitively, via nocase).
# In a content string the bytes between pipes are hex: |3f| is "?" and |7c| is a
# literal "|". The sequence |7c|26|7c| therefore decodes to the four characters
# "|26|", not to "&" (0x26).
# NOTE(review): this looks like "&" was hex-escaped and the pipes were then escaped a
# second time. If the reported URLs separate query parameters with "&", these rules
# cannot match them; confirm against the referenced URLhaus entries before relying
# on these sids for coverage.
# depth:77 and depth:63 equal the length of the escaped strings; the decoded patterns
# are 56 and 54 bytes. depth therefore does not pin the pattern to offset 0 here, and
# only the trailing isdataat:!1,relative ties the match to the end of the URI.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"45.88.186.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782952/; classtype:trojan-activity;sid:84646052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"45.88.186.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782945/; classtype:trojan-activity;sid:84646045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"91.206.169.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782948/; classtype:trojan-activity;sid:84646048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782950)"; flow:established,from_client; content:"GET"; http_method;
content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"45.83.31.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782950/; classtype:trojan-activity;sid:84646050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"192.159.99.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782930/; classtype:trojan-activity;sid:84646030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"45.88.186.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782928/; classtype:trojan-activity;sid:84646028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782795)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782795/; classtype:trojan-activity;sid:84645895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782784)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; 
content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782784/; classtype:trojan-activity;sid:84645884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782785)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782785/; classtype:trojan-activity;sid:84645885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782787)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782787/; classtype:trojan-activity;sid:84645887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782773)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782773/; classtype:trojan-activity;sid:84645873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782783)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782783/; classtype:trojan-activity;sid:84645883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3782756)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782756/; classtype:trojan-activity;sid:84645856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782758)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782758/; classtype:trojan-activity;sid:84645858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782759)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782759/; classtype:trojan-activity;sid:84645859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782764)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782764/; classtype:trojan-activity;sid:84645864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782745)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; 
isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782745/; classtype:trojan-activity;sid:84645845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782746)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782746/; classtype:trojan-activity;sid:84645846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782708)"; flow:established,from_client; content:"GET"; http_method; content:"/nuts/bolts"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"31.59.129.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782708/; classtype:trojan-activity;sid:84645808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782695)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782695/; classtype:trojan-activity;sid:84645795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782689)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782689/; classtype:trojan-activity;sid:84645789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782676)"; 
flow:established,from_client; content:"GET"; http_method; content:"/nuts/poop"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.59.129.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782676/; classtype:trojan-activity;sid:84645776; rev:1;)
# The URI patterns in this run are short ("/i", "/bin.sh"). In each rule depth equals
# the pattern length and isdataat:!1,relative rejects any following byte, so the URI
# buffer has to equal the pattern (case-insensitively); the same pairing on http_host
# makes the Host match exact. The alert is specific only through that Host value.
# NOTE(review): the hosts here are bare IP addresses. An address can later serve
# unrelated content, so consider ageing these rules out using metadata:created_at and
# the current status of the referenced URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.132.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782634/; classtype:trojan-activity;sid:84645734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.226.182.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_21; reference:url, urlhaus.abuse.ch/url/3782464/; classtype:trojan-activity;sid:84645564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782309)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"115.190.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_21; reference:url, urlhaus.abuse.ch/url/3782309/; classtype:trojan-activity;sid:84645409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.196.206.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_21; reference:url, urlhaus.abuse.ch/url/3782299/;
classtype:trojan-activity;sid:84645399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782134)"; flow:established,from_client; content:"GET"; http_method; content:"/elox3"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.94.92.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_21; reference:url, urlhaus.abuse.ch/url/3782134/; classtype:trojan-activity;sid:84645234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.252.100.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_21; reference:url, urlhaus.abuse.ch/url/3782118/; classtype:trojan-activity;sid:84645218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781950)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.68.89.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781950/; classtype:trojan-activity;sid:84645050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"149.106.141.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781948/; classtype:trojan-activity;sid:84645048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"211.250.168.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781944/; classtype:trojan-activity;sid:84645044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"157.85.69.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781941/; classtype:trojan-activity;sid:84645041; rev:1;)
# The next rule (sid 84645042) has the same method, URI and Host conditions as
# sid 84644428 (URLhaus 3781328, created_at 2026_02_19) further down this file, so a
# matching request satisfies both and raises two alerts.
# NOTE(review): presumably the same URL was reported twice; deduplicate on Host + URI
# downstream or suppress one of the two sids.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781942)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.6.89.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781942/; classtype:trojan-activity;sid:84645042; rev:1;)
# Host is matched exactly: depth equals the name length (23 and 19 bytes below) and
# isdataat:!1,relative forbids trailing bytes, which is why the bare name and the
# "www." name carry separate rules for each binary.
# NOTE(review): whether a Host header that carries an explicit port still matches
# depends on how the engine normalises the host buffer; verify on the deployed engine.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781933)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.b0tnett.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781933/; classtype:trojan-activity;sid:84645033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781929)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"b0tnett.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781929/; classtype:trojan-activity;sid:84645029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware
download URL detected (3781930)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.b0tnett.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781930/; classtype:trojan-activity;sid:84645030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781931)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.b0tnett.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781931/; classtype:trojan-activity;sid:84645031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781926)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"b0tnett.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781926/; classtype:trojan-activity;sid:84645026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781927)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"b0tnett.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781927/; classtype:trojan-activity;sid:84645027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781928)"; flow:established,from_client; content:"GET"; http_method; content:"/cache"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cnc.mu-minhvuong.com"; http_host; depth:20; isdataat:!1,relative; 
metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781928/; classtype:trojan-activity;sid:84645028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781925)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"b0tnett.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781925/; classtype:trojan-activity;sid:84645025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781915)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"b0tnett.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781915/; classtype:trojan-activity;sid:84645015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781916)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.b0tnett.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781916/; classtype:trojan-activity;sid:84645016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781918)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.b0tnett.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781918/; classtype:trojan-activity;sid:84645018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781919)"; 
flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.b0tnett.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781919/; classtype:trojan-activity;sid:84645019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781921)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.b0tnett.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781921/; classtype:trojan-activity;sid:84645021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781922)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.b0tnett.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781922/; classtype:trojan-activity;sid:84645022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781923)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.b0tnett.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781923/; classtype:trojan-activity;sid:84645023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781924)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.b0tnett.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 
2026_02_20; reference:url, urlhaus.abuse.ch/url/3781924/; classtype:trojan-activity;sid:84645024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781909)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"b0tnett.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781909/; classtype:trojan-activity;sid:84645009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781910)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"b0tnett.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781910/; classtype:trojan-activity;sid:84645010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781911)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"b0tnett.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781911/; classtype:trojan-activity;sid:84645011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781912)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"b0tnett.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781912/; classtype:trojan-activity;sid:84645012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781913)"; flow:established,from_client; 
content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"b0tnett.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781913/; classtype:trojan-activity;sid:84645013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781914)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"b0tnett.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781914/; classtype:trojan-activity;sid:84645014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781830)"; flow:established,from_client; content:"GET"; http_method; content:"/cache"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"180.93.52.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781830/; classtype:trojan-activity;sid:84644930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.29.46.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781799/; classtype:trojan-activity;sid:84644899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781644)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"175.120.108.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781644/; 
classtype:trojan-activity;sid:84644744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781641)"; flow:established,from_client; content:"GET"; http_method; content:"/cacti/ns3.jpg"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.56.149.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781641/; classtype:trojan-activity;sid:84644741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781617)"; flow:established,from_client; content:"GET"; http_method; content:"/h64.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaronart.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781617/; classtype:trojan-activity;sid:84644717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781614)"; flow:established,from_client; content:"GET"; http_method; content:"/m64.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"creativevoltage.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781614/; classtype:trojan-activity;sid:84644714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781435)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.196.206.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781435/; classtype:trojan-activity;sid:84644535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781346)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclearbomb.exe"; http_uri; depth:16; 
isdataat:!1,relative; nocase; content:"62.60.226.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781346/; classtype:trojan-activity;sid:84644446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781331)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"111.228.4.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781331/; classtype:trojan-activity;sid:84644431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.104.195.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781329/; classtype:trojan-activity;sid:84644429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.193.243.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781330/; classtype:trojan-activity;sid:84644430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781326)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"136.233.149.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781326/; classtype:trojan-activity;sid:84644426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3781327)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.73.169.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781327/; classtype:trojan-activity;sid:84644427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781328)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.6.89.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781328/; classtype:trojan-activity;sid:84644428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.206.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781323/; classtype:trojan-activity;sid:84644423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.10.79.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781262/; classtype:trojan-activity;sid:84644362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.10.79.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, 
urlhaus.abuse.ch/url/3781260/; classtype:trojan-activity;sid:84644360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.247.93.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781120/; classtype:trojan-activity;sid:84644220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.93.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781109/; classtype:trojan-activity;sid:84644209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781094)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_32"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.236.64.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781094/; classtype:trojan-activity;sid:84644194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781093)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.236.64.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781093/; classtype:trojan-activity;sid:84644193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781088)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/ppc"; 
http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.236.64.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781088/; classtype:trojan-activity;sid:84644188; rev:1;)
# Layout note: the rules below are shown one per line; the source text had them
# wrapped mid-rule.
# Rule anatomy (same template for every rule in this run): alert on an
# established client-to-server HTTP flow whose method is GET, whose URI matches
# the first content and whose Host matches the second. `depth:N` limits each
# match to the first N bytes of its buffer and `isdataat:!1,relative` requires
# that no byte follows the match, so with N equal to the pattern length the
# whole buffer must equal the pattern. `nocase` makes the URI match
# case-insensitive.
# The four complete rules here share Host 103.236.64.121 and the /systemcl/
# directory; only the last path segment differs (arm6, mips, mpsl, spc).
# NOTE(review): those segments look like CPU-architecture labels, presumably one
# payload build per architecture; confirm against the referenced URLhaus entries.
# For triage, correlate alerts from these sids by destination host rather than
# handling each sid as a separate incident.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781089)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.236.64.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781089/; classtype:trojan-activity;sid:84644189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781090)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.236.64.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781090/; classtype:trojan-activity;sid:84644190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781091)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.236.64.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781091/; classtype:trojan-activity;sid:84644191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781092)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.236.64.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781092/; classtype:trojan-activity;sid:84644192; rev:1;)
alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781086)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.236.64.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781086/; classtype:trojan-activity;sid:84644186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781081)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.236.64.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781081/; classtype:trojan-activity;sid:84644181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781082)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.236.64.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781082/; classtype:trojan-activity;sid:84644182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781083)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.236.64.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781083/; classtype:trojan-activity;sid:84644183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781085)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; 
content:"103.236.64.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781085/; classtype:trojan-activity;sid:84644185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780816)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.102.137.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780816/; classtype:trojan-activity;sid:84643916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780817)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.102.137.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780817/; classtype:trojan-activity;sid:84643917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780818)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.102.137.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780818/; classtype:trojan-activity;sid:84643918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780819)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"27.102.137.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780819/; classtype:trojan-activity;sid:84643919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3780820)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.102.137.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780820/; classtype:trojan-activity;sid:84643920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780810)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.102.137.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780810/; classtype:trojan-activity;sid:84643910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780811)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.102.137.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780811/; classtype:trojan-activity;sid:84643911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780812)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.102.137.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780812/; classtype:trojan-activity;sid:84643912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780813)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.102.137.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_18; 
reference:url, urlhaus.abuse.ch/url/3780813/; classtype:trojan-activity;sid:84643913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780814)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.102.137.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780814/; classtype:trojan-activity;sid:84643914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780815)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.102.137.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780815/; classtype:trojan-activity;sid:84643915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780774)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.166.163.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780774/; classtype:trojan-activity;sid:84643874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780767)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.195.187.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780767/; classtype:trojan-activity;sid:84643867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780764)"; flow:established,from_client; content:"GET"; http_method; 
content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.166.163.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780764/; classtype:trojan-activity;sid:84643864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780758)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"190.166.163.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780758/; classtype:trojan-activity;sid:84643858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780747)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.166.163.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780747/; classtype:trojan-activity;sid:84643847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780549)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"116.103.170.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780549/; classtype:trojan-activity;sid:84643649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780548)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.16.9"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780548/; classtype:trojan-activity;sid:84643648; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780545)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.16.9"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780545/; classtype:trojan-activity;sid:84643645; rev:1;)
# Layout note: the rules below are shown one per line; the source text had them
# wrapped mid-rule.
# Each rule alerts on a cleartext HTTP GET from $HOME_NET whose URI and Host
# both match. `depth:N` limits a match to the first N bytes of the buffer and
# `isdataat:!1,relative` requires that nothing follows the match; with N equal
# to the pattern length this is an exact, whole-buffer comparison.
# The number in msg and in the reference URL is the URLhaus entry id; in every
# rule shown here the sid equals that id plus 80863100.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.15.155.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780546/; classtype:trojan-activity;sid:84643646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780540)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.73.162.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780540/; classtype:trojan-activity;sid:84643604; rev:1;)
# NOTE(review), sid 84643604: three things make this rule differ from the
# exact-match template and may keep it from firing; verify with a pcap replay.
# 1. `|7c|26|7c|` is hex notation for the byte 0x7c ('|'), the literal text
#    "26", then 0x7c again, so the pattern expects the four characters "|26|"
#    between ".iso" and "file=". That looks like an '&' (0x26) that was
#    hex-escaped and then had its pipes escaped a second time. If so, a URI
#    containing '&' at that position does not match.
# 2. depth:143 is the length of the escaped pattern text; the decoded pattern
#    is 134 bytes, so the start of the match is not pinned to offset 0 as it
#    is in the other rules (the end-of-buffer check still applies).
# 3. The pattern contains percent-encoded sequences (%20, %26, %2f) but is
#    matched against http_uri. Presumably this is the normalized URI buffer,
#    in which case these sequences may already be decoded; confirm for the
#    engine and configuration in use.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780504)"; flow:established,from_client; content:"GET"; http_method; content:"/view_archive.php|3f|archive=/35/items/201004011329/201004011329.iso|7c|26|7c|file=activation%20%26%20serial%20for%20windows%20xp%2frockxp4.exe"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"ia802801.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780504/; classtype:trojan-activity;sid:84643604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780332)"; flow:established,from_client; content:"GET"; http_method; 
content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.64.227.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780332/; classtype:trojan-activity;sid:84643432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780328)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.112.40.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780328/; classtype:trojan-activity;sid:84643428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780321)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.249.54.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780321/; classtype:trojan-activity;sid:84643421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780322)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.193.243.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780322/; classtype:trojan-activity;sid:84643422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780324)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.120.203.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780324/; classtype:trojan-activity;sid:84643424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3780320)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"157.85.69.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780320/; classtype:trojan-activity;sid:84643420; rev:1;)
# Layout note: the rules below are shown one per line; the source text had them
# wrapped mid-rule.
# The next three rules match a hostname in the Host buffer rather than an IP
# literal. Each pairs an exact URI (depth equals the pattern length, and
# `isdataat:!1,relative` rejects any trailing byte) with an exact Host value.
# Coverage caveat: these are `alert http` rules, so they only see requests the
# sensor can parse as cleartext HTTP. NOTE(review): hosts like these are
# typically also reachable over HTTPS, so a lack of alerts does not show that
# no download happened; pair this ruleset with DNS, TLS SNI or proxy logs for
# the same hostnames.
# NOTE(review): the /wp-includes/ path suggests a compromised WordPress site
# and pages.dev is a shared hosting suffix. Keep any blocking scoped to the
# exact host and URI given here rather than to the parent domain.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780281)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/widgets/class-wp-widget-index.html"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"mistralkorea.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780281/; classtype:trojan-activity;sid:84643381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780170)"; flow:established,from_client; content:"GET"; http_method; content:"/ghost.bot.apk.v13.apk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"shadowbot-dih.pages.dev"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780170/; classtype:trojan-activity;sid:84643270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780164)"; flow:established,from_client; content:"GET"; http_method; content:"/shadow-bot-v11.apk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"shadowbot-dih.pages.dev"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780164/; classtype:trojan-activity;sid:84643264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779986)"; flow:established,from_client; content:"GET"; http_method; content:"/launcher.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; 
content:"62.60.226.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779986/; classtype:trojan-activity;sid:84643086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779935)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.90.206.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779935/; classtype:trojan-activity;sid:84643035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779934)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.6.196.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779934/; classtype:trojan-activity;sid:84643034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.246.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779755/; classtype:trojan-activity;sid:84642855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779646)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pspc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779646/; classtype:trojan-activity;sid:84642746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3779644)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779644/; classtype:trojan-activity;sid:84642744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779635)"; flow:established,from_client; content:"GET"; http_method; content:"/abc2.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779635/; classtype:trojan-activity;sid:84642735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779637)"; flow:established,from_client; content:"GET"; http_method; content:"/abc1.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779637/; classtype:trojan-activity;sid:84642737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779638)"; flow:established,from_client; content:"GET"; http_method; content:"/abc3.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779638/; classtype:trojan-activity;sid:84642738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779631)"; flow:established,from_client; content:"GET"; http_method; content:"/jack5tr.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, 
urlhaus.abuse.ch/url/3779631/; classtype:trojan-activity;sid:84642731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779630)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779630/; classtype:trojan-activity;sid:84642730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779626)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779626/; classtype:trojan-activity;sid:84642726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779622)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779622/; classtype:trojan-activity;sid:84642722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779621)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779621/; classtype:trojan-activity;sid:84642721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779620)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779620/; classtype:trojan-activity;sid:84642720; rev:1;)
# Layout note: the rules below are shown one per line; the source text had them
# wrapped mid-rule.
# The URI patterns in this run are only four or five bytes long (/m68k, /ppc,
# /spc, /sh4). On their own they would match unrelated traffic. The rules are
# specific because the URI must equal the pattern exactly (depth equals the
# pattern length and `isdataat:!1,relative` rejects trailing bytes) AND the
# Host buffer must equal "bbos.minet.vn" in the same request.
# Tuning note: when adapting these rules locally, keep both content matches and
# their depth/isdataat anchors. Dropping the http_host match or the end-of-
# buffer check turns a precise indicator into a noisy one.
# `metadata:created_at` records when the entry was added. URLhaus indicators
# age, so review retention of old sids when refreshing the ruleset.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779617)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779617/; classtype:trojan-activity;sid:84642717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779618)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779618/; classtype:trojan-activity;sid:84642718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779606)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779606/; classtype:trojan-activity;sid:84642706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779608)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779608/; classtype:trojan-activity;sid:84642708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3779615)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779615/; classtype:trojan-activity;sid:84642715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779603)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779603/; classtype:trojan-activity;sid:84642703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779604)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779604/; classtype:trojan-activity;sid:84642704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779605)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779605/; classtype:trojan-activity;sid:84642705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779477)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.112.207.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, 
urlhaus.abuse.ch/url/3779477/; classtype:trojan-activity;sid:84642577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779476)"; flow:established,from_client; content:"GET"; http_method; content:"/2.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.112.207.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779476/; classtype:trojan-activity;sid:84642576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779475)"; flow:established,from_client; content:"GET"; http_method; content:"/3.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.112.207.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779475/; classtype:trojan-activity;sid:84642575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779474)"; flow:established,from_client; content:"GET"; http_method; content:"/4.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.112.207.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779474/; classtype:trojan-activity;sid:84642574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.103.0.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779466/; classtype:trojan-activity;sid:84642566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"181.103.0.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779457/; classtype:trojan-activity;sid:84642557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.238.254.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779357/; classtype:trojan-activity;sid:84642457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779330)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.34.247.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779330/; classtype:trojan-activity;sid:84642430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779333)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"153.37.228.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779333/; classtype:trojan-activity;sid:84642433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.209.57.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779262/; classtype:trojan-activity;sid:84642362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3779259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.209.57.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779259/; classtype:trojan-activity;sid:84642359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779104)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_16; reference:url, urlhaus.abuse.ch/url/3779104/; classtype:trojan-activity;sid:84642204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779105)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_16; reference:url, urlhaus.abuse.ch/url/3779105/; classtype:trojan-activity;sid:84642205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779106)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_16; reference:url, urlhaus.abuse.ch/url/3779106/; classtype:trojan-activity;sid:84642206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779100)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_16; reference:url, 
urlhaus.abuse.ch/url/3779100/; classtype:trojan-activity;sid:84642200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779101)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_16; reference:url, urlhaus.abuse.ch/url/3779101/; classtype:trojan-activity;sid:84642201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779102)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_16; reference:url, urlhaus.abuse.ch/url/3779102/; classtype:trojan-activity;sid:84642202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779103)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_16; reference:url, urlhaus.abuse.ch/url/3779103/; classtype:trojan-activity;sid:84642203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779098)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_16; reference:url, urlhaus.abuse.ch/url/3779098/; classtype:trojan-activity;sid:84642198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779099)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_16; reference:url, urlhaus.abuse.ch/url/3779099/; classtype:trojan-activity;sid:84642199; rev:1;)
# Rule shape used throughout this feed: client-to-server GET on an established
# flow, one URI pattern and one Host pattern. Each pattern carries depth equal
# to its own length plus isdataat:!1,relative (no byte may follow the match),
# so both buffers must equal the pattern exactly; nocase follows the URI
# pattern only. These are "alert http" rules, so a request is only inspected
# when the sensor can parse it as HTTP (TLS-wrapped requests need decryption
# upstream of the sensor).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3778871)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.200.193.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_16; reference:url, urlhaus.abuse.ch/url/3778871/; classtype:trojan-activity;sid:84641971; rev:1;)
# NOTE(review): the URI pattern below contains a literal "%20" and depth:62
# counts the escaped form. http_uri selects the normalized URI buffer, where
# percent-escapes are normally decoded before matching, so this rule may never
# fire as written. Confirm on the deployed engine with a replayed request; the
# usual alternatives are matching the raw buffer (http_raw_uri) or writing the
# decoded byte (|20|) and adjusting depth to the decoded length.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3778793)"; flow:established,from_client; content:"GET"; http_method; content:"/file/ueditor/php/upload/file/20250114/x1/ref-cli%20v1.0.3.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"m.meta-dm.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_16; reference:url, urlhaus.abuse.ch/url/3778793/; classtype:trojan-activity;sid:84641893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3778789)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.15.155.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_16; reference:url, urlhaus.abuse.ch/url/3778789/; classtype:trojan-activity;sid:84641889; rev:1;)
# NOTE(review): same concern for the next rule. Its URI pattern is "/15", then
# twelve percent-escaped bytes, then ".exe" (43 characters, matching depth:43).
# In a percent-decoded buffer the path would be 19 bytes, so neither the
# pattern nor the depth/isdataat anchors would line up. Verify before relying
# on this signature for coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3778746)"; flow:established,from_client; content:"GET"; http_method; content:"/15%ec%8b%ac%ed%94%8c%ec%8a%a4%ec%ba%94.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"m.jkoa.co.kr"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_16; reference:url, 
urlhaus.abuse.ch/url/3778746/; classtype:trojan-activity;sid:84641846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3778741)"; flow:established,from_client; content:"GET"; http_method; content:"/cacti/aminer.gz"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.56.149.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_16; reference:url, urlhaus.abuse.ch/url/3778741/; classtype:trojan-activity;sid:84641841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3778710)"; flow:established,from_client; content:"GET"; http_method; content:"/cacti/install.tgz"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.56.149.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_16; reference:url, urlhaus.abuse.ch/url/3778710/; classtype:trojan-activity;sid:84641810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3778496)"; flow:established,from_client; content:"GET"; http_method; content:"/hola.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_15; reference:url, urlhaus.abuse.ch/url/3778496/; classtype:trojan-activity;sid:84641596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3778490)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.191.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_15; reference:url, urlhaus.abuse.ch/url/3778490/; classtype:trojan-activity;sid:84641590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3778437)"; flow:established,from_client; content:"GET"; http_method; 
content:"/zx.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.107.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_15; reference:url, urlhaus.abuse.ch/url/3778437/; classtype:trojan-activity;sid:84641537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3778432)"; flow:established,from_client; content:"GET"; http_method; content:"/nk.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.107.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_15; reference:url, urlhaus.abuse.ch/url/3778432/; classtype:trojan-activity;sid:84641532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3778425)"; flow:established,from_client; content:"GET"; http_method; content:"/buildx_x64.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.107.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_15; reference:url, urlhaus.abuse.ch/url/3778425/; classtype:trojan-activity;sid:84641525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3778351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.157.55.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_15; reference:url, urlhaus.abuse.ch/url/3778351/; classtype:trojan-activity;sid:84641451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777931)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"103.74.5.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777931/; classtype:trojan-activity;sid:84641031; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777928)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"139.59.31.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777928/; classtype:trojan-activity;sid:84641028; rev:1;)
# The rules in this run match a URI that is exactly "/" (depth:1 plus
# isdataat:!1,relative), so any plain GET of the root document on the listed
# host raises the alert. The alert shows that the URL was requested, not that
# a payload was returned; triage should check the response side of the flow.
#
# NOTE(review): sid 84641021 and sid 84641022 below have identical match
# conditions (GET, URI "/", host 162.240.96.107) and differ only in msg,
# reference and sid, so one request raises both alerts. The two URLhaus
# entries presumably differ in scheme or port, which these rules do not
# encode (destination port is "any"); consider de-duplicating or thresholding
# downstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777921)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"162.240.96.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777921/; classtype:trojan-activity;sid:84641021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777922)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"162.240.96.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777922/; classtype:trojan-activity;sid:84641022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777918)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"118.139.167.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777918/; classtype:trojan-activity;sid:84641018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777919)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"172.96.189.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2026_02_14; reference:url, urlhaus.abuse.ch/url/3777919/; classtype:trojan-activity;sid:84641019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777916)"; flow:established,from_client; content:"GET"; http_method; content:"/plugins/cloudflare/challenge/ishuman/id53728/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"widexenmexico.com.mx"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777916/; classtype:trojan-activity;sid:84641016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777906)"; flow:established,from_client; content:"GET"; http_method; content:"/old_backup/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"216.119.126.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777906/; classtype:trojan-activity;sid:84641006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777901)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_linux_armv7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"64.227.154.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777901/; classtype:trojan-activity;sid:84641001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777902)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_linux_arm64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"64.227.154.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777902/; classtype:trojan-activity;sid:84641002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3777903)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_linux_mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.227.154.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777903/; classtype:trojan-activity;sid:84641003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777899)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_linux_amd64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"64.227.154.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777899/; classtype:trojan-activity;sid:84640999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777898)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_linux_mipsle"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"64.227.154.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777898/; classtype:trojan-activity;sid:84640998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.148.18.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777793/; classtype:trojan-activity;sid:84640893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"205.250.174.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, 
urlhaus.abuse.ch/url/3777500/; classtype:trojan-activity;sid:84640600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777416)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"definitely-not.gay"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777416/; classtype:trojan-activity;sid:84640516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777392)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"definitely-not.gay"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777392/; classtype:trojan-activity;sid:84640492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777393)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.dick"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"definitely-not.gay"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777393/; classtype:trojan-activity;sid:84640493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777395)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"definitely-not.gay"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777395/; classtype:trojan-activity;sid:84640495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777396)"; flow:established,from_client; content:"GET"; 
http_method; content:"/i-5.8-6.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"definitely-not.gay"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777396/; classtype:trojan-activity;sid:84640496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777398)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"definitely-not.gay"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777398/; classtype:trojan-activity;sid:84640498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777401)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"definitely-not.gay"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777401/; classtype:trojan-activity;sid:84640501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777403)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"definitely-not.gay"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777403/; classtype:trojan-activity;sid:84640503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777404)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.dick"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"definitely-not.gay"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777404/; 
classtype:trojan-activity;sid:84640504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777406)"; flow:established,from_client; content:"GET"; http_method; content:"/dick.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"definitely-not.gay"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777406/; classtype:trojan-activity;sid:84640506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777407)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.dick"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"definitely-not.gay"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777407/; classtype:trojan-activity;sid:84640507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777408)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.dick"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"definitely-not.gay"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777408/; classtype:trojan-activity;sid:84640508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777410)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"definitely-not.gay"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777410/; classtype:trojan-activity;sid:84640510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777360)"; flow:established,from_client; content:"GET"; http_method; content:"/via.wsh"; http_uri; 
depth:8; isdataat:!1,relative; nocase; content:"57.131.18.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777360/; classtype:trojan-activity;sid:84640460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777361)"; flow:established,from_client; content:"GET"; http_method; content:"/tpol.bat"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"57.131.18.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777361/; classtype:trojan-activity;sid:84640461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777362)"; flow:established,from_client; content:"GET"; http_method; content:"/rechung/mahnung-skm998234.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"57.131.18.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777362/; classtype:trojan-activity;sid:84640462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777363)"; flow:established,from_client; content:"GET"; http_method; content:"/xe.zip"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"57.131.18.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777363/; classtype:trojan-activity;sid:84640463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777364)"; flow:established,from_client; content:"GET"; http_method; content:"/sar.js"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"57.131.18.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777364/; classtype:trojan-activity;sid:84640464; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777312)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"111.123.41.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777312/; classtype:trojan-activity;sid:84640412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777313)"; flow:established,from_client; content:"GET"; http_method; content:"/fucknet"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"111.123.41.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777313/; classtype:trojan-activity;sid:84640413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777314)"; flow:established,from_client; content:"GET"; http_method; content:"/cracknet"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"111.123.41.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777314/; classtype:trojan-activity;sid:84640414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777315)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.123.41.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777315/; classtype:trojan-activity;sid:84640415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777316)"; flow:established,from_client; content:"GET"; http_method; content:"/dicknet"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"111.123.41.235"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777316/; classtype:trojan-activity;sid:84640416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777317)"; flow:established,from_client; content:"GET"; http_method; content:"/unet"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"111.123.41.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777317/; classtype:trojan-activity;sid:84640417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777318)"; flow:established,from_client; content:"GET"; http_method; content:"/net"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"111.123.41.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777318/; classtype:trojan-activity;sid:84640418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777319)"; flow:established,from_client; content:"GET"; http_method; content:"/cock"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"111.123.41.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777319/; classtype:trojan-activity;sid:84640419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777320)"; flow:established,from_client; content:"GET"; http_method; content:"/ballnet"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"111.123.41.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777320/; classtype:trojan-activity;sid:84640420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777321)"; flow:established,from_client; content:"GET"; 
http_method; content:"/swatnet"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"111.123.41.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777321/; classtype:trojan-activity;sid:84640421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777322)"; flow:established,from_client; content:"GET"; http_method; content:"/gaynet"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.123.41.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777322/; classtype:trojan-activity;sid:84640422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777323)"; flow:established,from_client; content:"GET"; http_method; content:"/weednet"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"111.123.41.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777323/; classtype:trojan-activity;sid:84640423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777248)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.239.230.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777248/; classtype:trojan-activity;sid:84640348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777249)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.76.143.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777249/; 
classtype:trojan-activity;sid:84640349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777252)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"128.241.229.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777252/; classtype:trojan-activity;sid:84640352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777253)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.141.93.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777253/; classtype:trojan-activity;sid:84640353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777254)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"70.169.51.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777254/; classtype:trojan-activity;sid:84640354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777255)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.45.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777255/; classtype:trojan-activity;sid:84640355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"103.217.84.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777245/; classtype:trojan-activity;sid:84640345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.165.251.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777240/; classtype:trojan-activity;sid:84640340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.251.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777242/; classtype:trojan-activity;sid:84640342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"199.48.76.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777232/; classtype:trojan-activity;sid:84640332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.112.101.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777227/; classtype:trojan-activity;sid:84640327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3777222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.109.73.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777222/; classtype:trojan-activity;sid:84640322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.98.184.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777219/; classtype:trojan-activity;sid:84640319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.173.12.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777214/; classtype:trojan-activity;sid:84640314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.190.234.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777203/; classtype:trojan-activity;sid:84640303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.120.97.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777202/; 
classtype:trojan-activity;sid:84640302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"184.160.27.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777197/; classtype:trojan-activity;sid:84640297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"149.50.186.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777198/; classtype:trojan-activity;sid:84640298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777190)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.19.117.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777190/; classtype:trojan-activity;sid:84640290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777178)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.16.9"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777178/; classtype:trojan-activity;sid:84640278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777182)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.20.75"; 
http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777182/; classtype:trojan-activity;sid:84640282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777183)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.101.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777183/; classtype:trojan-activity;sid:84640283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777188)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.154.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777188/; classtype:trojan-activity;sid:84640288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777171)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.191.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777171/; classtype:trojan-activity;sid:84640271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777173)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.191.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777173/; classtype:trojan-activity;sid:84640273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777174)"; 
flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.191.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777174/; classtype:trojan-activity;sid:84640274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777175)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.191.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777175/; classtype:trojan-activity;sid:84640275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777176)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.191.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777176/; classtype:trojan-activity;sid:84640276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777170)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.191.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777170/; classtype:trojan-activity;sid:84640270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777127)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"43.228.157.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777127/; 
classtype:trojan-activity;sid:84640227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777116)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"43.228.157.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777116/; classtype:trojan-activity;sid:84640216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777117)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"43.228.157.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777117/; classtype:trojan-activity;sid:84640217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777118)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"43.228.157.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777118/; classtype:trojan-activity;sid:84640218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777119)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"43.228.157.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777119/; classtype:trojan-activity;sid:84640219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777120)"; flow:established,from_client; content:"GET"; http_method; 
content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"43.228.157.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777120/; classtype:trojan-activity;sid:84640220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777121)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"43.228.157.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777121/; classtype:trojan-activity;sid:84640221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777122)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"43.228.157.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777122/; classtype:trojan-activity;sid:84640222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777123)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"43.228.157.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777123/; classtype:trojan-activity;sid:84640223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777124)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"43.228.157.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, 
urlhaus.abuse.ch/url/3777124/; classtype:trojan-activity;sid:84640224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777125)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"43.228.157.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777125/; classtype:trojan-activity;sid:84640225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777126)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"43.228.157.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777126/; classtype:trojan-activity;sid:84640226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777084)"; flow:established,from_client; content:"GET"; http_method; content:"/fscan32.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"124.44.3.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777084/; classtype:trojan-activity;sid:84640184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777069)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"124.44.3.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777069/; classtype:trojan-activity;sid:84640169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777050)"; flow:established,from_client; content:"GET"; http_method; 
content:"/re45766712.msi"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"drevos.ro"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777050/; classtype:trojan-activity;sid:84640150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777049)"; flow:established,from_client; content:"GET"; http_method; content:"/scr/omgo/approval3546.msi"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"luizmatoso.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777049/; classtype:trojan-activity;sid:84640149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777048)"; flow:established,from_client; content:"GET"; http_method; content:"/ref62535.msi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vizyonuniversitesi.web.tr"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777048/; classtype:trojan-activity;sid:84640148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776898)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.196.41.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3776898/; classtype:trojan-activity;sid:84639998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776900)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.196.41.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3776900/; 
classtype:trojan-activity;sid:84640000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776901)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"xanax.enzostress.st"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3776901/; classtype:trojan-activity;sid:84640001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776902)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"xanax.enzostress.st"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3776902/; classtype:trojan-activity;sid:84640002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776895)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xanax.enzostress.st"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3776895/; classtype:trojan-activity;sid:84639995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776896)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xanax.enzostress.st"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3776896/; classtype:trojan-activity;sid:84639996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776897)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; 
isdataat:!1,relative; nocase; content:"xanax.enzostress.st"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3776897/; classtype:trojan-activity;sid:84639997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776893)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xanax.enzostress.st"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3776893/; classtype:trojan-activity;sid:84639993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776894)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xanax.enzostress.st"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3776894/; classtype:trojan-activity;sid:84639994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776892)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xanax.enzostress.st"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3776892/; classtype:trojan-activity;sid:84639992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776891)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xanax.enzostress.st"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3776891/; classtype:trojan-activity;sid:84639991; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.94.220.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3776837/; classtype:trojan-activity;sid:84639937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776735)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.196.41.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3776735/; classtype:trojan-activity;sid:84639835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776736)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.196.41.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3776736/; classtype:trojan-activity;sid:84639836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776731)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.196.41.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3776731/; classtype:trojan-activity;sid:84639831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776732)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.196.41.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2026_02_13; reference:url, urlhaus.abuse.ch/url/3776732/; classtype:trojan-activity;sid:84639832; rev:1;)
# Each rule below alerts on an established, client-side HTTP GET from $HOME_NET to
# $EXTERNAL_NET (any port) whose URI and Host buffers match the listed contents.
# content + depth (= pattern length) + isdataat:!1,relative pins each pattern to the
# whole buffer rather than a substring.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776733)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.196.41.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3776733/; classtype:trojan-activity;sid:84639833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776653)"; flow:established,from_client; content:"GET"; http_method; content:"/joh/encrypted.ps1"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"refaccionesalma.com.mx"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776653/; classtype:trojan-activity;sid:84639753; rev:1;)
# NOTE(review): sids 84639684 and 84639685 have identical match options ("/" on host
# 217.154.88.128, any port) and differ only in sid and reference, so one request
# raises both alerts. Presumably the two URLhaus entries differ in a field the rule
# does not encode (e.g. port or scheme) - confirm against the references.
# The URI pattern is the bare root path, so any GET for "/" on that host matches;
# treat a hit as host-level evidence and deduplicate or threshold when triaging.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776584)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"217.154.88.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776584/; classtype:trojan-activity;sid:84639684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776585)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"217.154.88.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776585/; classtype:trojan-activity;sid:84639685; rev:1;)
# NOTE(review): depth:34 in the next rule is the length of the escaped pattern text.
# With |3f| decoded to a single byte the pattern is 31 bytes, so up to three extra
# leading bytes may precede it in the URI buffer and still match. The neighbouring
# rules use depth equal to the pattern length; depth:31 would anchor this rule the
# same way. Expect slightly broader matching than an exact-URI rule until then.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776338)"; flow:established,from_client; content:"GET"; http_method; content:"/rdstgcde/upwawsfrg.php|3f|zz=1337"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"209.38.92.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776338/; classtype:trojan-activity;sid:84639438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.93.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776140/; classtype:trojan-activity;sid:84639240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776097)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.ppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776097/; classtype:trojan-activity;sid:84639197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776098)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.arc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776098/; classtype:trojan-activity;sid:84639198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776099)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.arm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776099/; classtype:trojan-activity;sid:84639199; 
rev:1;)
# ^ closing option of a rule that begins earlier in the file.
#
# How to read the rules below (they all share one template):
#   - `alert http $HOME_NET any -> $EXTERNAL_NET any` with `flow:established,from_client`
#     inspects client requests on an established, parsed HTTP session going outbound.
#     The same URL fetched over TLS is not visible to these rules unless traffic is
#     decrypted before inspection.
#   - `content:"GET"; http_method;` limits the match to GET requests.
#   - URI and Host are each written as `content:"..."; <buffer>; depth:N; isdataat:!1,relative;`.
#     `depth:N` bounds the search to the first N bytes of the buffer and
#     `isdataat:!1,relative` requires that no byte follows the match, so when N equals
#     the pattern length the pattern has to equal the whole buffer (exact URI, exact host).
#     `nocase` follows the URI pattern, so the URI comparison is case-insensitive.
#   - `msg` and `reference` carry the URLhaus entry id; in the rules shown here `sid` is
#     that id plus 80863100. `metadata:created_at` records a creation date and is the
#     natural field for ageing out stale indicators.
#   - Many URI patterns are short, generic words (`/i`, `/ss`, `/gs`, `/tcp`, `/arm`).
#     Specificity comes from the exact Host match, so an alert means "this host was asked
#     for this path"; re-validate the indicator if the address may have been reassigned.

# Host 94.156.152.67, created 2026_02_12: nine /xd.<suffix> paths whose suffixes read as
# CPU architecture names (arm, mips, sh4, x86_64, ...).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776100)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.arm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776100/; classtype:trojan-activity;sid:84639200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776101)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.arm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776101/; classtype:trojan-activity;sid:84639201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776102)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.mpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776102/; classtype:trojan-activity;sid:84639202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776103)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.sh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776103/; classtype:trojan-activity;sid:84639203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776104)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.m68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776104/; classtype:trojan-activity;sid:84639204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776105)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.spc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776105/; classtype:trojan-activity;sid:84639205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776106)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.x86_64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776106/; classtype:trojan-activity;sid:84639206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776107)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.arm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776107/; classtype:trojan-activity;sid:84639207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776108)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.mips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776108/; classtype:trojan-activity;sid:84639208; rev:1;)

# Host 39.106.81.175, created 2026_02_11: one /download/*.exe entry; four more for the
# same host (created 2026_02_08) close this group of rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3775960)"; flow:established,from_client; content:"GET"; http_method; content:"/download/crackloader.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"39.106.81.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_11; reference:url, urlhaus.abuse.ch/url/3775960/; classtype:trojan-activity;sid:84639060; rev:1;)

# Host 202.155.10.112, created 2026_02_11: /nexbin/nexus.<arch>, again one path per
# architecture-like suffix.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3775935)"; flow:established,from_client; content:"GET"; http_method; content:"/nexbin/nexus.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"202.155.10.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_11; reference:url, urlhaus.abuse.ch/url/3775935/; classtype:trojan-activity;sid:84639035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3775936)"; flow:established,from_client; content:"GET"; http_method; content:"/nexbin/nexus.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"202.155.10.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_11; reference:url, urlhaus.abuse.ch/url/3775936/; classtype:trojan-activity;sid:84639036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3775937)"; flow:established,from_client; content:"GET"; http_method; content:"/nexbin/nexus.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"202.155.10.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_11; reference:url, urlhaus.abuse.ch/url/3775937/; classtype:trojan-activity;sid:84639037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3775938)"; flow:established,from_client; content:"GET"; http_method; content:"/nexbin/nexus.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.155.10.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_11; reference:url, urlhaus.abuse.ch/url/3775938/; classtype:trojan-activity;sid:84639038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3775928)"; flow:established,from_client; content:"GET"; http_method; content:"/nexbin/nexus.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.155.10.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_11; reference:url, urlhaus.abuse.ch/url/3775928/; classtype:trojan-activity;sid:84639028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3775929)"; flow:established,from_client; content:"GET"; http_method; content:"/nexbin/nexus.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.155.10.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_11; reference:url, urlhaus.abuse.ch/url/3775929/; classtype:trojan-activity;sid:84639029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3775930)"; flow:established,from_client; content:"GET"; http_method; content:"/nexbin/nexus.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"202.155.10.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_11; reference:url, urlhaus.abuse.ch/url/3775930/; classtype:trojan-activity;sid:84639030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3775931)"; flow:established,from_client; content:"GET"; http_method; content:"/nexbin/nexus.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.155.10.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_11; reference:url, urlhaus.abuse.ch/url/3775931/; classtype:trojan-activity;sid:84639031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3775932)"; flow:established,from_client; content:"GET"; http_method; content:"/nexbin/nexus.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.155.10.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_11; reference:url, urlhaus.abuse.ch/url/3775932/; classtype:trojan-activity;sid:84639032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3775933)"; flow:established,from_client; content:"GET"; http_method; content:"/nexbin/nexus.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.155.10.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_11; reference:url, urlhaus.abuse.ch/url/3775933/; classtype:trojan-activity;sid:84639033; rev:1;)

# Created 2026_02_10: single entries on several hosts, including one more /xd.* path on
# 94.156.152.67.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3775587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.247.93.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_10; reference:url, urlhaus.abuse.ch/url/3775587/; classtype:trojan-activity;sid:84638687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3775537)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.x86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_10; reference:url, urlhaus.abuse.ch/url/3775537/; classtype:trojan-activity;sid:84638637; rev:1;)
# NOTE(review): the URI pattern below contains `|7c|26|7c|`, which decodes to the literal
# bytes `|26|`. This looks like a double-escaped `&` (normally written `|26|`); if so, the
# rule cannot match a request for `...msi?e=access&y=guest`. Confirm against URLhaus entry
# 3775493 and regenerate the rule. `depth:63` also equals the length of the escaped
# pattern text rather than of the decoded pattern, so the start-of-buffer anchoring is
# looser here than in the other rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3775493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"23.94.153.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_10; reference:url, urlhaus.abuse.ch/url/3775493/; classtype:trojan-activity;sid:84638593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3775311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"205.250.174.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_10; reference:url, urlhaus.abuse.ch/url/3775311/; classtype:trojan-activity;sid:84638411; rev:1;)

# Everything from here on is created 2026_02_08.
# Host 46.8.78.15: /watching, a path named gs-netcat_linux-x86_64 and three /miner/* paths.
# More single-word paths on this host are interleaved further down.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774774)"; flow:established,from_client; content:"GET"; http_method; content:"/watching"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.8.78.15"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774774/; classtype:trojan-activity;sid:84637874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774775)"; flow:established,from_client; content:"GET"; http_method; content:"/gs-netcat_linux-x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"46.8.78.15"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774775/; classtype:trojan-activity;sid:84637875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774772)"; flow:established,from_client; content:"GET"; http_method; content:"/miner/java.err"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"46.8.78.15"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774772/; classtype:trojan-activity;sid:84637872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774770)"; flow:established,from_client; content:"GET"; http_method; content:"/miner/start"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.8.78.15"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774770/; classtype:trojan-activity;sid:84637870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774771)"; flow:established,from_client; content:"GET"; http_method; content:"/miner/fd-monitor"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"46.8.78.15"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774771/; classtype:trojan-activity;sid:84637871; rev:1;)

# Interleaved entries for 31.59.136.111, 46.8.78.15, 46.8.78.175 (a different address from
# 46.8.78.15; note depth:11), 87.121.79.78, 31.58.50.201 and 156.246.93.156.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774762)"; flow:established,from_client; content:"GET"; http_method; content:"/cc.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.59.136.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774762/; classtype:trojan-activity;sid:84637862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774764)"; flow:established,from_client; content:"GET"; http_method; content:"/ds.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.59.136.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774764/; classtype:trojan-activity;sid:84637864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774741)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.59.136.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774741/; classtype:trojan-activity;sid:84637841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774739)"; flow:established,from_client; content:"GET"; http_method; content:"/ss"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.8.78.15"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774739/; classtype:trojan-activity;sid:84637839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774734)"; flow:established,from_client; content:"GET"; http_method; content:"/system"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.8.78.15"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774734/; classtype:trojan-activity;sid:84637834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774731)"; flow:established,from_client; content:"GET"; http_method; content:"/systemd"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.8.78.175"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774731/; classtype:trojan-activity;sid:84637831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774732)"; flow:established,from_client; content:"GET"; http_method; content:"/gs"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.8.78.15"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774732/; classtype:trojan-activity;sid:84637832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774729)"; flow:established,from_client; content:"GET"; http_method; content:"/xpl"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"46.8.78.15"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774729/; classtype:trojan-activity;sid:84637829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774723)"; flow:established,from_client; content:"GET"; http_method; content:"/ntp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.59.136.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774723/; classtype:trojan-activity;sid:84637823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774720)"; flow:established,from_client; content:"GET"; http_method; content:"/qs"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.121.79.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774720/; classtype:trojan-activity;sid:84637820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774718)"; flow:established,from_client; content:"GET"; http_method; content:"/err"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"46.8.78.15"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774718/; classtype:trojan-activity;sid:84637818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774719)"; flow:established,from_client; content:"GET"; http_method; content:"/root"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.8.78.15"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774719/; classtype:trojan-activity;sid:84637819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774713)"; flow:established,from_client; content:"GET"; http_method; content:"/check"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.59.136.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774713/; classtype:trojan-activity;sid:84637813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774714)"; flow:established,from_client; content:"GET"; http_method; content:"/aws"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.59.136.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774714/; classtype:trojan-activity;sid:84637814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774712)"; flow:established,from_client; content:"GET"; http_method; content:"/mips64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.58.50.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774712/; classtype:trojan-activity;sid:84637812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774709)"; flow:established,from_client; content:"GET"; http_method; content:"/busybox-armv7l"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.246.93.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774709/; classtype:trojan-activity;sid:84637809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774708)"; flow:established,from_client; content:"GET"; http_method; content:"/dns"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.59.136.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774708/; classtype:trojan-activity;sid:84637808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774707)"; flow:established,from_client; content:"GET"; http_method; content:"/client"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.59.136.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774707/; classtype:trojan-activity;sid:84637807; rev:1;)

# One file name, /02.08.2022.exe, listed on 22 different hosts (21 IP literals and one
# domain). Each rule pins a single host, so a proxy-log or flow search on the URI alone
# is a useful complement for hosts that are not listed yet.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774679)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"13.41.96.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774679/; classtype:trojan-activity;sid:84637779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774678)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.181.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774678/; classtype:trojan-activity;sid:84637778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774677)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"115.190.140.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774677/; classtype:trojan-activity;sid:84637777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774675)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.79.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774675/; classtype:trojan-activity;sid:84637775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774674)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"138.124.15.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774674/; classtype:trojan-activity;sid:84637774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774665)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"212.14.244.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774665/; classtype:trojan-activity;sid:84637765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774669)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.138.222.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774669/; classtype:trojan-activity;sid:84637769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774672)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.38.250.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774672/; classtype:trojan-activity;sid:84637772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774658)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"115.190.233.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774658/; classtype:trojan-activity;sid:84637758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774654)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"111.228.55.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774654/; classtype:trojan-activity;sid:84637754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774640)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.219.76.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774640/; classtype:trojan-activity;sid:84637740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774641)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"36.140.162.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774641/; classtype:trojan-activity;sid:84637741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774642)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.105.36.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774642/; classtype:trojan-activity;sid:84637742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774646)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"170.64.234.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774646/; classtype:trojan-activity;sid:84637746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774647)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"170.64.221.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774647/; classtype:trojan-activity;sid:84637747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774649)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"202.146.218.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774649/; classtype:trojan-activity;sid:84637749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774624)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"35.199.157.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774624/; classtype:trojan-activity;sid:84637724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774626)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vitoboy.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774626/; classtype:trojan-activity;sid:84637726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774628)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"52.248.41.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774628/; classtype:trojan-activity;sid:84637728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774633)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"18.119.116.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774633/; classtype:trojan-activity;sid:84637733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774635)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.3.233.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774635/; classtype:trojan-activity;sid:84637735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774620)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"172.208.108.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774620/; classtype:trojan-activity;sid:84637720; rev:1;)

# Further single entries on 31.59.136.111, 5.181.87.103 and 46.8.78.175.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774493)"; flow:established,from_client; content:"GET"; http_method; content:"/get"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.59.136.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774493/; classtype:trojan-activity;sid:84637593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774465)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.181.87.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774465/; classtype:trojan-activity;sid:84637565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774463)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.8.78.175"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774463/; classtype:trojan-activity;sid:84637563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774464)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.59.136.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774464/; classtype:trojan-activity;sid:84637564; rev:1;)

# Host 31.58.50.201: bare architecture-like names directly under the root (/x86, /arm6,
# /mips, ...), with one 46.8.78.15 entry (/mig) interleaved.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774454)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.58.50.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774454/; classtype:trojan-activity;sid:84637554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774443)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.58.50.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774443/; classtype:trojan-activity;sid:84637543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774444)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.58.50.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774444/; classtype:trojan-activity;sid:84637544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774445)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.58.50.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774445/; classtype:trojan-activity;sid:84637545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774446)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.58.50.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774446/; classtype:trojan-activity;sid:84637546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774447)"; flow:established,from_client; content:"GET"; http_method; content:"/mig"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"46.8.78.15"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774447/; classtype:trojan-activity;sid:84637547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774437)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.58.50.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774437/; classtype:trojan-activity;sid:84637537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774438)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.58.50.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774438/; classtype:trojan-activity;sid:84637538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774439)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.58.50.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774439/; classtype:trojan-activity;sid:84637539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774440)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.58.50.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774440/; classtype:trojan-activity;sid:84637540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774441)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.58.50.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774441/; classtype:trojan-activity;sid:84637541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774431)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.58.50.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774431/; classtype:trojan-activity;sid:84637531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774432)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.58.50.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774432/; classtype:trojan-activity;sid:84637532; rev:1;)

# Host i.404.pm: two dated paths ending in .jpeg. The rules match on URL only; what the
# file actually contains has to be checked via the URLhaus reference for each entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774338)"; flow:established,from_client; content:"GET"; http_method; content:"/2025/09/27/1758984967-5707.jpeg"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"i.404.pm"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774338/; classtype:trojan-activity;sid:84637438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774350)"; flow:established,from_client; content:"GET"; http_method; content:"/2025/11/12/1762933913-224.jpeg"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"i.404.pm"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774350/; classtype:trojan-activity;sid:84637450; rev:1;)

# Host 39.106.81.175: four /download/*.exe entries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774333)"; flow:established,from_client; content:"GET"; http_method; content:"/download/install.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"39.106.81.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774333/; classtype:trojan-activity;sid:84637433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774332)"; flow:established,from_client; content:"GET"; http_method; content:"/download/xq4gnk9auvfo4.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"39.106.81.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774332/; classtype:trojan-activity;sid:84637432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774331)"; flow:established,from_client; content:"GET"; http_method; content:"/download/setup.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"39.106.81.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774331/; classtype:trojan-activity;sid:84637431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774330)"; flow:established,from_client; content:"GET"; http_method; content:"/download/y3593ugc11d2.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"39.106.81.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774330/; classtype:trojan-activity;sid:84637430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774327)"; flow:established,from_client; content:"GET"; http_method; content:"/download/xa29d6ca899a2a2c1497b192dc8aeb1cb6290109c347ffe3bc66d950dc0b0f1a6.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"39.106.81.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774327/; classtype:trojan-activity;sid:84637427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774328)"; flow:established,from_client; content:"GET"; http_method; content:"/download/x554650562de7ff4b0a266857cdd8bad5c3445dbe23816c7898eb679d34652391.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"39.106.81.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774328/; classtype:trojan-activity;sid:84637428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774325)"; flow:established,from_client; content:"GET"; http_method; content:"/download/keygeneratorpro.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"39.106.81.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774325/; classtype:trojan-activity;sid:84637425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774326)"; flow:established,from_client; content:"GET"; http_method; content:"/download/37kks9r5aov0.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"39.106.81.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774326/; classtype:trojan-activity;sid:84637426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3774310)"; flow:established,from_client; content:"GET"; http_method; content:"/download/syntex_spoofer.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"39.106.81.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774310/; classtype:trojan-activity;sid:84637410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774309)"; flow:established,from_client; content:"GET"; http_method; content:"/download/roblox_executor.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"39.106.81.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774309/; classtype:trojan-activity;sid:84637409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774273)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.97.36.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774273/; classtype:trojan-activity;sid:84637373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774274)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.119.108.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774274/; classtype:trojan-activity;sid:84637374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774270)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"83.217.16.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, 
urlhaus.abuse.ch/url/3774270/; classtype:trojan-activity;sid:84637370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774265)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.30.92.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774265/; classtype:trojan-activity;sid:84637365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774267)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.251.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774267/; classtype:trojan-activity;sid:84637367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774258)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.217.84.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774258/; classtype:trojan-activity;sid:84637358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774255)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.29.91.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774255/; classtype:trojan-activity;sid:84637355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774245)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; 
nocase; content:"31.220.163.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774245/; classtype:trojan-activity;sid:84637345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774247)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.171.188.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774247/; classtype:trojan-activity;sid:84637347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774248)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.109.73.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774248/; classtype:trojan-activity;sid:84637348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774117)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.168.95.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774117/; classtype:trojan-activity;sid:84637217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774107)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.168.95.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774107/; classtype:trojan-activity;sid:84637207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3774108)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.168.95.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774108/; classtype:trojan-activity;sid:84637208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774109)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"83.168.95.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774109/; classtype:trojan-activity;sid:84637209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774110)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.168.95.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774110/; classtype:trojan-activity;sid:84637210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774111)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.168.95.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774111/; classtype:trojan-activity;sid:84637211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774113)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.168.95.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, 
urlhaus.abuse.ch/url/3774113/; classtype:trojan-activity;sid:84637213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774114)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.168.95.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774114/; classtype:trojan-activity;sid:84637214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774115)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.168.95.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774115/; classtype:trojan-activity;sid:84637215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774116)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.168.95.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774116/; classtype:trojan-activity;sid:84637216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774078)"; flow:established,from_client; content:"GET"; http_method; content:"/qst"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.79.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774078/; classtype:trojan-activity;sid:84637178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774079)"; flow:established,from_client; content:"GET"; http_method; content:"/nbv"; http_uri; depth:4; 
isdataat:!1,relative; nocase; content:"87.121.79.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774079/; classtype:trojan-activity;sid:84637179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774076)"; flow:established,from_client; content:"GET"; http_method; content:"/n2onsolana/armv4l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"156.246.93.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774076/; classtype:trojan-activity;sid:84637176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774074)"; flow:established,from_client; content:"GET"; http_method; content:"/n2onsolana/mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"156.246.93.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774074/; classtype:trojan-activity;sid:84637174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774075)"; flow:established,from_client; content:"GET"; http_method; content:"/n2onsolana/aarch64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"156.246.93.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774075/; classtype:trojan-activity;sid:84637175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774073)"; flow:established,from_client; content:"GET"; http_method; content:"/n2onsolana/mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"156.246.93.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774073/; classtype:trojan-activity;sid:84637173; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774071)"; flow:established,from_client; content:"GET"; http_method; content:"/n2onsolana/armv6l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"156.246.93.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774071/; classtype:trojan-activity;sid:84637171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774072)"; flow:established,from_client; content:"GET"; http_method; content:"/n2onsolana/x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.246.93.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774072/; classtype:trojan-activity;sid:84637172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774070)"; flow:established,from_client; content:"GET"; http_method; content:"/n2onsolana/armv7l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"156.246.93.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774070/; classtype:trojan-activity;sid:84637170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774069)"; flow:established,from_client; content:"GET"; http_method; content:"/n2onsolana/armv5l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"156.246.93.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774069/; classtype:trojan-activity;sid:84637169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774032)"; flow:established,from_client; content:"GET"; http_method; content:"/cbot/subprocess.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; 
content:"45.83.207.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774032/; classtype:trojan-activity;sid:84637132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774033)"; flow:established,from_client; content:"GET"; http_method; content:"/cbot/subprocess_debug.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"45.83.207.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774033/; classtype:trojan-activity;sid:84637133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774034)"; flow:established,from_client; content:"GET"; http_method; content:"/cbot/raw_subprocess.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"45.83.207.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774034/; classtype:trojan-activity;sid:84637134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774035)"; flow:established,from_client; content:"GET"; http_method; content:"/cbot/raw_subprocess_debug.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"45.83.207.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774035/; classtype:trojan-activity;sid:84637135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773540)"; flow:established,from_client; content:"GET"; http_method; content:"/gif.gif"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pjsn.hi2.ro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3773540/; classtype:trojan-activity;sid:84636640; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"45.88.186.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3773534/; classtype:trojan-activity;sid:84636634; rev:1;)
# NOTE(review): in the rule above (sid:84636634) the URI pattern contains `|7c|26|7c|`, which decodes to the
# literal bytes `|26|`. This looks like the hex escape for `&` (0x26) having been pipe-escaped a second time
# by the generator - confirm against URLhaus entry 3773534. As written the pattern decodes to 56 bytes while
# depth is 77 (the length of the escaped string), and the rule presumably cannot match a request whose query
# string uses plain `&` separators, so do not treat silence from this SID as evidence of no download.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773437)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.88.234.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3773437/; classtype:trojan-activity;sid:84636537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773438)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.83.229.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3773438/; classtype:trojan-activity;sid:84636538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773429)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.50.222.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3773429/; classtype:trojan-activity;sid:84636529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773430)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.154.87.39"; 
http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3773430/; classtype:trojan-activity;sid:84636530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773432)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"184.160.27.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3773432/; classtype:trojan-activity;sid:84636532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773292)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.55.251.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773292/; classtype:trojan-activity;sid:84636392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773290)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.112.49.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773290/; classtype:trojan-activity;sid:84636390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773287)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.160.26.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773287/; classtype:trojan-activity;sid:84636387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773286)"; 
flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.247.202.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773286/; classtype:trojan-activity;sid:84636386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773279)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.221.36.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773279/; classtype:trojan-activity;sid:84636379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773274)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"24.37.71.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773274/; classtype:trojan-activity;sid:84636374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773277)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.204.193.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773277/; classtype:trojan-activity;sid:84636377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773270)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.112.101.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773270/; 
classtype:trojan-activity;sid:84636370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773268)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.173.12.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773268/; classtype:trojan-activity;sid:84636368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773263)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.166.218.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773263/; classtype:trojan-activity;sid:84636363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773262)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.47.176.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773262/; classtype:trojan-activity;sid:84636362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773251)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"83.218.189.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773251/; classtype:trojan-activity;sid:84636351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773239)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.135.26.83"; 
http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773239/; classtype:trojan-activity;sid:84636339; rev:1;)
# NOTE(review): the next rule (sid:84636229, URLhaus 3773129) has the same method, URI (/sshd) and host
# (117.216.46.229) conditions as sid:84635682 (URLhaus 3772582, created_at 2026_02_05) further down this
# file, so a single matching request raises two alerts. When triaging, correlate or de-duplicate on
# host + URI rather than on SID.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773129)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.46.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773129/; classtype:trojan-activity;sid:84636229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.103.0.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3772995/; classtype:trojan-activity;sid:84636095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772916)"; flow:established,from_client; content:"GET"; http_method; content:"/download_invitee.php"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"biducaconfeitos.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3772916/; classtype:trojan-activity;sid:84636016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.15.110.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3772838/; classtype:trojan-activity;sid:84635938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3772836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.15.110.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3772836/; classtype:trojan-activity;sid:84635936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772754)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.1.110.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772754/; classtype:trojan-activity;sid:84635854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772755)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.190.234.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772755/; classtype:trojan-activity;sid:84635855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772613)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.83.202.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772613/; classtype:trojan-activity;sid:84635713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772612)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.242.47.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772612/; 
classtype:trojan-activity;sid:84635712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772607)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"112.124.33.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772607/; classtype:trojan-activity;sid:84635707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772602)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.140.176.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772602/; classtype:trojan-activity;sid:84635702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.134.223.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772597/; classtype:trojan-activity;sid:84635697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.244.47.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772593/; classtype:trojan-activity;sid:84635693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772582)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; 
content:"117.216.46.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772582/; classtype:trojan-activity;sid:84635682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772577)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.46.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772577/; classtype:trojan-activity;sid:84635677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772572)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.39.143.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772572/; classtype:trojan-activity;sid:84635672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772548)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.5.194.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772548/; classtype:trojan-activity;sid:84635648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772543)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.46.170.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772543/; classtype:trojan-activity;sid:84635643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3772537)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.162.188.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772537/; classtype:trojan-activity;sid:84635637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772535)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"149.50.186.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772535/; classtype:trojan-activity;sid:84635635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772527)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.91.236.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772527/; classtype:trojan-activity;sid:84635627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772528)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"184.185.30.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772528/; classtype:trojan-activity;sid:84635628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772518)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.130.248.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772518/; 
classtype:trojan-activity;sid:84635618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772510)"; flow:established,from_client; content:"GET"; http_method; content:"/microsoftteamupdate.msi"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vrajras.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772510/; classtype:trojan-activity;sid:84635610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772507)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.armv7l"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"94.183.182.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772507/; classtype:trojan-activity;sid:84635607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772365)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.186.90.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772365/; classtype:trojan-activity;sid:84635465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772359)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"128.127.102.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772359/; classtype:trojan-activity;sid:84635459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772097)"; flow:established,from_client; content:"GET"; http_method; content:"/wxwwxh.txt"; http_uri; depth:11; 
isdataat:!1,relative; nocase; content:"bafybeias4uzwo3l336d5ewygv2dd3oqbnlvrer5ndf5wyhjcwkm4igaafa.ipfs.w3s.link"; http_host; depth:73; isdataat:!1,relative; metadata:created_at 2026_02_04; reference:url, urlhaus.abuse.ch/url/3772097/; classtype:trojan-activity;sid:84635197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772096)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msi.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"bafybeieq7tctzxkqidqpq4fjvtznbupqrpo2w4n4lfmzksehei4dinilii.ipfs.w3s.link"; http_host; depth:73; isdataat:!1,relative; metadata:created_at 2026_02_04; reference:url, urlhaus.abuse.ch/url/3772096/; classtype:trojan-activity;sid:84635196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.40.178.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771747/; classtype:trojan-activity;sid:84634847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.142.48.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771745/; classtype:trojan-activity;sid:84634845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771741)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.62.202.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, 
urlhaus.abuse.ch/url/3771741/; classtype:trojan-activity;sid:84634841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771659)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.151.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771659/; classtype:trojan-activity;sid:84634759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771648)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.151.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771648/; classtype:trojan-activity;sid:84634748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771632)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_121424_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771632/; classtype:trojan-activity;sid:84634732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771510)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"175.209.135.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771510/; classtype:trojan-activity;sid:84634610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771493)"; flow:established,from_client; 
content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.121.236.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771493/; classtype:trojan-activity;sid:84634593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771480)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"175.209.135.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771480/; classtype:trojan-activity;sid:84634580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771472)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.15.156.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771472/; classtype:trojan-activity;sid:84634572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771469)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.15.156.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771469/; classtype:trojan-activity;sid:84634569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771458)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.201.14.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771458/; 
classtype:trojan-activity;sid:84634558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771442)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.212.222.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771442/; classtype:trojan-activity;sid:84634542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771437)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.209.135.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771437/; classtype:trojan-activity;sid:84634537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771429)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"201.16.194.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771429/; classtype:trojan-activity;sid:84634529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771420)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.201.14.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771420/; classtype:trojan-activity;sid:84634520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771416)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; 
nocase; content:"203.212.222.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771416/; classtype:trojan-activity;sid:84634516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771410)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.195.187.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771410/; classtype:trojan-activity;sid:84634510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771406)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.80.184.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771406/; classtype:trojan-activity;sid:84634506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771405)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.195.187.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771405/; classtype:trojan-activity;sid:84634505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771403)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.80.184.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771403/; classtype:trojan-activity;sid:84634503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3771394)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.201.14.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771394/; classtype:trojan-activity;sid:84634494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771391)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.80.184.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771391/; classtype:trojan-activity;sid:84634491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771393)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.195.187.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771393/; classtype:trojan-activity;sid:84634493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771383)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"175.209.135.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771383/; classtype:trojan-activity;sid:84634483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771376)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.24.152.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; 
reference:url, urlhaus.abuse.ch/url/3771376/; classtype:trojan-activity;sid:84634476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771373)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.209.135.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771373/; classtype:trojan-activity;sid:84634473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771365)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"117.24.152.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771365/; classtype:trojan-activity;sid:84634465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771359)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.24.152.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771359/; classtype:trojan-activity;sid:84634459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771357)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.201.14.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771357/; classtype:trojan-activity;sid:84634457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771344)"; flow:established,from_client; content:"GET"; http_method; 
content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.80.184.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771344/; classtype:trojan-activity;sid:84634444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771346)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.212.222.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771346/; classtype:trojan-activity;sid:84634446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771336)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.121.236.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771336/; classtype:trojan-activity;sid:84634436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771330)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.115.218.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771330/; classtype:trojan-activity;sid:84634430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771319)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.201.14.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771319/; classtype:trojan-activity;sid:84634419; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771318)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.80.184.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771318/; classtype:trojan-activity;sid:84634418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771302)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.15.156.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771302/; classtype:trojan-activity;sid:84634402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771292)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.195.187.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771292/; classtype:trojan-activity;sid:84634392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771295)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.24.152.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771295/; classtype:trojan-activity;sid:84634395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771282)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.15.156.48"; http_host; depth:12; 
isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771282/; classtype:trojan-activity;sid:84634382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771284)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"175.209.135.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771284/; classtype:trojan-activity;sid:84634384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771272)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.24.152.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771272/; classtype:trojan-activity;sid:84634372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771276)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.24.152.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771276/; classtype:trojan-activity;sid:84634376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771268)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.80.184.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771268/; classtype:trojan-activity;sid:84634368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771258)"; 
flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.212.222.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771258/; classtype:trojan-activity;sid:84634358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771255)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.15.156.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771255/; classtype:trojan-activity;sid:84634355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771242)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.226.249.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771242/; classtype:trojan-activity;sid:84634342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771243)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.15.156.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771243/; classtype:trojan-activity;sid:84634343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771234)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.201.14.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771234/; 
classtype:trojan-activity;sid:84634334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771237)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.212.222.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771237/; classtype:trojan-activity;sid:84634337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771218)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.212.222.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771218/; classtype:trojan-activity;sid:84634318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771220)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.212.222.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771220/; classtype:trojan-activity;sid:84634320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771206)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"98.195.187.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771206/; classtype:trojan-activity;sid:84634306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771198)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; 
isdataat:!1,relative; nocase; content:"117.24.152.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771198/; classtype:trojan-activity;sid:84634298; rev:1;)
# Each rule pins one URLhaus entry: an outbound GET from $HOME_NET whose
# http_uri and http_host buffers both equal the listed strings. depth:<len>
# combined with isdataat:!1,relative leaves no room before or after the
# content, so the match is exact rather than a substring match. nocase is a
# content modifier and here applies to the URI content that precedes it.
# "alert http" only covers requests the engine parses as HTTP, so the same
# URL fetched over TLS is outside what these rules can observe.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771190)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.195.187.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771190/; classtype:trojan-activity;sid:84634290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771192)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.15.156.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771192/; classtype:trojan-activity;sid:84634292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771161)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.244.47.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771161/; classtype:trojan-activity;sid:84634261; rev:1;)
# NOTE(review): the rules from here on carry a literal "%20" inside an
# http_uri content. http_uri is matched against the normalized URI, in which
# a percent-encoded space is decoded to 0x20, so under default normalization
# these patterns are not expected to match a request for the listed URL.
# Matching the undecoded form needs http_raw_uri; matching the decoded form
# needs |20| in the content and a depth reduced by two per escape. The same
# applies to any other rule in this file whose http_uri content holds a %XX
# escape. Confirm against the deployed engine's normalization settings before
# relying on these sids, and prefer reporting upstream: this is a generated
# feed, so a local correction would presumably be overwritten on refresh.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771061)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/31%2012%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771061/; classtype:trojan-activity;sid:84634161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771062)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/08%2008%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771062/; classtype:trojan-activity;sid:84634162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771063)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/24%2010%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771063/; classtype:trojan-activity;sid:84634163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771060)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/11%2011%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771060/; classtype:trojan-activity;sid:84634160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771059)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/10%2012%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771059/; classtype:trojan-activity;sid:84634159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771056)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/07%2010%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771056/; classtype:trojan-activity;sid:84634156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771057)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/27%2007%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771057/; classtype:trojan-activity;sid:84634157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771058)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/30%2009%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771058/; classtype:trojan-activity;sid:84634158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771054)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/10%2001%202026/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771054/; classtype:trojan-activity;sid:84634154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771055)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/20%2012%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771055/; classtype:trojan-activity;sid:84634155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771050)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/20%2009%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771050/; classtype:trojan-activity;sid:84634150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771051)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/24%2012%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771051/; classtype:trojan-activity;sid:84634151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771052)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/15%2010%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771052/; classtype:trojan-activity;sid:84634152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771053)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/16%2001%202026/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771053/; 
classtype:trojan-activity;sid:84634153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771048)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/20%2007%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771048/; classtype:trojan-activity;sid:84634148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771045)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/12%2012%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771045/; classtype:trojan-activity;sid:84634145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771039)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/02%2012%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771039/; classtype:trojan-activity;sid:84634139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771036)"; flow:established,from_client; content:"GET"; http_method; content:"/bitrix/cache/js/s1/universe_s1/kernel_main/kernel_main_v1.js"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"alternativas.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771036/; classtype:trojan-activity;sid:84634136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3770968)"; flow:established,from_client; content:"GET"; http_method; content:"/css/scc.msi"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"krisidev.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3770968/; classtype:trojan-activity;sid:84634068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3770100)"; flow:established,from_client; content:"GET"; http_method; content:"/64.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_01; reference:url, urlhaus.abuse.ch/url/3770100/; classtype:trojan-activity;sid:84633200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3767404)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.46.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_01; reference:url, urlhaus.abuse.ch/url/3767404/; classtype:trojan-activity;sid:84630504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3767389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.83.239.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_01; reference:url, urlhaus.abuse.ch/url/3767389/; classtype:trojan-activity;sid:84630489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3767348)"; flow:established,from_client; content:"GET"; http_method; content:"/loader.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.107.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_01; reference:url, 
urlhaus.abuse.ch/url/3767348/; classtype:trojan-activity;sid:84630448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3767244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.141.98.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_01; reference:url, urlhaus.abuse.ch/url/3767244/; classtype:trojan-activity;sid:84630344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3767101)"; flow:established,from_client; content:"GET"; http_method; content:"/bhekinko/test/main/notepad2.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_01; reference:url, urlhaus.abuse.ch/url/3767101/; classtype:trojan-activity;sid:84630201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766869)"; flow:established,from_client; content:"GET"; http_method; content:"/build.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.107.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766869/; classtype:trojan-activity;sid:84629969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766633)"; flow:established,from_client; content:"GET"; http_method; content:"/pty2"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69.46.43.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766633/; classtype:trojan-activity;sid:84629733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766628)"; flow:established,from_client; content:"GET"; http_method; 
content:"/pty3"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69.46.43.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766628/; classtype:trojan-activity;sid:84629728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766629)"; flow:established,from_client; content:"GET"; http_method; content:"/pty1"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69.46.43.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766629/; classtype:trojan-activity;sid:84629729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766630)"; flow:established,from_client; content:"GET"; http_method; content:"/pty4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69.46.43.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766630/; classtype:trojan-activity;sid:84629730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766632)"; flow:established,from_client; content:"GET"; http_method; content:"/pty10"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"69.46.43.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766632/; classtype:trojan-activity;sid:84629732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766607)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.12.219.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766607/; classtype:trojan-activity;sid:84629707; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766601)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.101.152.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766601/; classtype:trojan-activity;sid:84629701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.38.70.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766592/; classtype:trojan-activity;sid:84629692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.5.194.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766587/; classtype:trojan-activity;sid:84629687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.196.95.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766584/; classtype:trojan-activity;sid:84629684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766573)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"183.171.41.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2026_01_31; reference:url, urlhaus.abuse.ch/url/3766573/; classtype:trojan-activity;sid:84629673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766565)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.46.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766565/; classtype:trojan-activity;sid:84629665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766548)"; flow:established,from_client; content:"GET"; http_method; content:"/sifsif.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"62.60.226.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766548/; classtype:trojan-activity;sid:84629648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766542)"; flow:established,from_client; content:"GET"; http_method; content:"/formy.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.60.226.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766542/; classtype:trojan-activity;sid:84629642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766543)"; flow:established,from_client; content:"GET"; http_method; content:"/stra.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"62.60.226.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766543/; classtype:trojan-activity;sid:84629643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766544)"; flow:established,from_client; content:"GET"; http_method; 
content:"/adiad.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.60.226.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766544/; classtype:trojan-activity;sid:84629644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766545)"; flow:established,from_client; content:"GET"; http_method; content:"/trapsralt.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"62.60.226.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766545/; classtype:trojan-activity;sid:84629645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766546)"; flow:established,from_client; content:"GET"; http_method; content:"/vnanrjutptsc.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"62.60.226.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766546/; classtype:trojan-activity;sid:84629646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766547)"; flow:established,from_client; content:"GET"; http_method; content:"/kings.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.60.226.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766547/; classtype:trojan-activity;sid:84629647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766455)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmadsameer0306-collab/ghty/refs/heads/main/staticlibproj_6min.dll"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, 
urlhaus.abuse.ch/url/3766455/; classtype:trojan-activity;sid:84629555; rev:1;)
# NOTE(review): http_host here is "github.com", a host normally reached over HTTPS.
# An "alert http" rule inspects only HTTP the sensor can parse in clear text, so this
# rule presumably fires only where TLS is decrypted before the sensor - confirm sensor
# placement. The http_uri content is one repository path matched in full, so the rule
# does not flag github.com traffic in general.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766454)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmadsameer0306-collab/ghty/raw/refs/heads/main/staticlibproj_6min.dll"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766454/; classtype:trojan-activity;sid:84629554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766235)"; flow:established,from_client; content:"GET"; http_method; content:"/encrypted.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.tmcksa.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766235/; classtype:trojan-activity;sid:84629335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766226)"; flow:established,from_client; content:"GET"; http_method; content:"/get/cl.msi"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"corporacioncrf.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766226/; classtype:trojan-activity;sid:84629326; rev:1;)
# NOTE(review): http_host is a per-content subdomain under ipfs.w3s.link; the host is
# matched in full (depth:73 equals its length), so other content served from the same
# gateway is not covered. The clear-text caveat above presumably applies here too if
# the gateway is reached over HTTPS - confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766219)"; flow:established,from_client; content:"GET"; http_method; content:"/filejantn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bafybeiffpkay6l7heq55epccneb563p5chjzclxnso3vkozyorphlz6ana.ipfs.w3s.link"; http_host; depth:73; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766219/; classtype:trojan-activity;sid:84629319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3766079)"; flow:established,from_client; content:"GET"; http_method; content:"/armful/activity_list.js"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"studiogioeli.it"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766079/; classtype:trojan-activity;sid:84629179; rev:1;)
# NOTE(review): the next rule (3766078) has the same match conditions as the rule above
# (3766079): identical http_uri and http_host content, depth and flow. Only msg,
# reference and sid differ, so one matching request raises two alerts. Deduplicate or
# threshold downstream if alert volume matters.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766078)"; flow:established,from_client; content:"GET"; http_method; content:"/armful/activity_list.js"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"studiogioeli.it"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766078/; classtype:trojan-activity;sid:84629178; rev:1;)
# NOTE(review): in the http_uri content below, "|3f|" is the hex escape for "?", but
# "|7c|26|7c|" decodes to the four literal bytes "|26|" (0x7c is "|"), not to "&" (0x26).
# If the listed URL separates alt=media and token= with "&", this content never matches
# a real request. depth:112 equals the length of the escaped string, not of the decoded
# content. This looks like a double escape in the rule generator - confirm against the
# URLhaus entry. The same pattern appears in the other firebasestorage.googleapis.com
# rules of this file.
# The host is normally reached over HTTPS, so the rule presumably needs decrypted
# traffic to fire at all - confirm sensor placement.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766052)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/anyaa-7c774.firebasestorage.app/o/msi.png|3f|alt=media|7c|26|7c|token=7c7014b2-401f-482b-9744-a834bca292c3"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766052/; classtype:trojan-activity;sid:84629152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766045)"; flow:established,from_client; content:"GET"; http_method; content:"/v1/z1/optimized_msi.png"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"dialkwik.in"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766045/; classtype:trojan-activity;sid:84629145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766038)"; flow:established,from_client; content:"GET"; http_method; 
content:"/v0/b/anyaa-7c774.firebasestorage.app/o/ki.png|3f|alt=media|7c|26|7c|token=0477f56f-1840-4b99-9901-1a72556d43fa"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766038/; classtype:trojan-activity;sid:84629138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766039)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/anyaa-7c774.firebasestorage.app/o/messi.png|3f|alt=media|7c|26|7c|token=d9bb0564-8440-43cc-8f6d-6661e8879b36"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766039/; classtype:trojan-activity;sid:84629139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766040)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/anyaa-7c774.firebasestorage.app/o/rp1.png|3f|alt=media|7c|26|7c|token=f27284d3-9fca-4832-9cbd-b613729f88bb"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766040/; classtype:trojan-activity;sid:84629140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766041)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/anyaa-7c774.firebasestorage.app/o/kalelsianox.png|3f|alt=media|7c|26|7c|token=ca718cd2-6d48-444c-9b1e-adc15cb11560"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, 
urlhaus.abuse.ch/url/3766041/; classtype:trojan-activity;sid:84629141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766042)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/anyaa-7c774.firebasestorage.app/o/pol.png|3f|alt=media|7c|26|7c|token=6d4e8bd7-1c15-4c3e-83c3-88d5508e3ac9"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766042/; classtype:trojan-activity;sid:84629142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766033)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/anyaa-7c774.firebasestorage.app/o/452353.png|3f|alt=media|7c|26|7c|token=88970c7c-4d82-4c0c-995b-7c5f99e5c7e2"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766033/; classtype:trojan-activity;sid:84629133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766034)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/anyaa-7c774.firebasestorage.app/o/claropay.png|3f|alt=media|7c|26|7c|token=bba6370f-3f46-42a0-a252-3a7bd0488911"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766034/; classtype:trojan-activity;sid:84629134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766035)"; flow:established,from_client; content:"GET"; http_method; 
content:"/v0/b/anyaa-7c774.firebasestorage.app/o/wos1111.png|3f|alt=media|7c|26|7c|token=087a06cf-3730-4f13-aa29-584a79f34c70"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766035/; classtype:trojan-activity;sid:84629135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766036)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/anyaa-7c774.firebasestorage.app/o/boga22.png|3f|alt=media|7c|26|7c|token=dc8ee4d4-d8ab-485c-a4ed-aea8ac5be7f0"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766036/; classtype:trojan-activity;sid:84629136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766037)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/anyaa-7c774.firebasestorage.app/o/toro2.png|3f|alt=media|7c|26|7c|token=f51136ab-e347-4b49-94a6-db927aabda1c"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766037/; classtype:trojan-activity;sid:84629137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766029)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/anyaa-7c774.firebasestorage.app/o/olakekeseeeeeeee.png|3f|alt=media|7c|26|7c|token=ad324cd2-343c-4cc2-8118-a4e76b10d2bf"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, 
urlhaus.abuse.ch/url/3766029/; classtype:trojan-activity;sid:84629129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766027)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/anyaa-7c774.firebasestorage.app/o/oooooo.png|3f|alt=media|7c|26|7c|token=05b94cca-14f1-42ca-a609-724909cb752b"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766027/; classtype:trojan-activity;sid:84629127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766023)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/anyaa-7c774.firebasestorage.app/o/papota.png|3f|alt=media|7c|26|7c|token=0ec39b94-b037-4305-a1eb-abb581c53bf4"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766023/; classtype:trojan-activity;sid:84629123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766021)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msi.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"bafybeibfoyi7ruuyoncarf4xr55qa3lthsjjjgrktk4ia4z3upesawb4ry.ipfs.w3s.link"; http_host; depth:73; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766021/; classtype:trojan-activity;sid:84629121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766011)"; flow:established,from_client; content:"GET"; http_method; content:"/sectoring/reservation_details.js"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"studiogioeli.it"; http_host; depth:15; 
isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766011/; classtype:trojan-activity;sid:84629111; rev:1;)
# URLhaus feed entries, one rule per reported URL. Every rule below follows the
# same template: alert on an outbound GET whose URI buffer and host buffer each
# equal one listed value. `depth` is set to the length of the content string
# (pinning the match to the start of the buffer) and `isdataat:!1,relative`
# requires that no byte follows the match. `nocase` is listed after the URI
# content, so the path comparison is presumably case-insensitive.
# `alert http` only sees requests the sensor can parse in clear text; a download
# fetched over TLS does not reach these rules unless traffic is decrypted before
# inspection.
#
# Shared storage platforms: the host is not an indicator on its own, the path is.
# These services are normally reached over HTTPS, so see the TLS caveat above.
# NOTE(review): `|3f|` is the hex escape for `?`, but `|7c|26|7c|` decodes to the
# literal text `|26|` (0x7c is the pipe character), not to `&` (0x26). This looks
# like a double-escaped `&`; if so, the rule cannot match the real query string.
# Confirm against the referenced URLhaus entry. depth:113 equals the length of
# the escaped string as written; the decoded pattern is shorter.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766009)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/anyaa-7c774.firebasestorage.app/o/ama1.png|3f|alt=media|7c|26|7c|token=da6c9754-db54-4dd2-9635-1b03a690ad49"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766009/; classtype:trojan-activity;sid:84629109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766002)"; flow:established,from_client; content:"GET"; http_method; content:"/myanmar.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pub-ce02802067934e0eb072f69bf6427bf6.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766002/; classtype:trojan-activity;sid:84629102; rev:1;)
# Bare-IP hosts with very short paths (/i, /x, /d, /.i). The path alone is not
# distinctive; specificity comes from the exact host match in the same rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3765537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.96.228.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_29; reference:url, urlhaus.abuse.ch/url/3765537/; classtype:trojan-activity;sid:84628637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3765534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.96.228.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_29; reference:url, urlhaus.abuse.ch/url/3765534/; classtype:trojan-activity;sid:84628634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3765490)"; flow:established,from_client; content:"GET"; http_method; content:"/download/linux/arm"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"101.32.206.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_29; reference:url, urlhaus.abuse.ch/url/3765490/; classtype:trojan-activity;sid:84628590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3764383)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/order2390.msi"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"audicontadores.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_01_26; reference:url, urlhaus.abuse.ch/url/3764383/; classtype:trojan-activity;sid:84627483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3764242)"; flow:established,from_client; content:"GET"; http_method; content:"/x"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.243.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_26; reference:url, urlhaus.abuse.ch/url/3764242/; classtype:trojan-activity;sid:84627342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3764239)"; flow:established,from_client; content:"GET"; http_method; content:"/d"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.243.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_26; reference:url, urlhaus.abuse.ch/url/3764239/; classtype:trojan-activity;sid:84627339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3764190)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.40.37.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_26; reference:url, urlhaus.abuse.ch/url/3764190/; classtype:trojan-activity;sid:84627290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3764183)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.18.157.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_26; reference:url, urlhaus.abuse.ch/url/3764183/; classtype:trojan-activity;sid:84627283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.147.202.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_25; reference:url, urlhaus.abuse.ch/url/3763659/; classtype:trojan-activity;sid:84626759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763381)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.72.2.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_25; reference:url, urlhaus.abuse.ch/url/3763381/; classtype:trojan-activity;sid:84626481; rev:1;)
# Four files under the same directory on 34.70.205.211; group alerts from these
# sids by destination when triaging.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763338)"; flow:established,from_client; content:"GET"; http_method; content:"/plugins-dist/safehtml/lang/font/cr.sh"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"34.70.205.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763338/; classtype:trojan-activity;sid:84626438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763336)"; flow:established,from_client; content:"GET"; http_method; content:"/plugins-dist/safehtml/lang/font/javae"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"34.70.205.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763336/; classtype:trojan-activity;sid:84626436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763333)"; flow:established,from_client; content:"GET"; http_method; content:"/plugins-dist/safehtml/lang/font/pnscan-1.14.1.tar.gz"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"34.70.205.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763333/; classtype:trojan-activity;sid:84626433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763334)"; flow:established,from_client; content:"GET"; http_method; content:"/plugins-dist/safehtml/lang/font/1.0.5.tar.gz"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"34.70.205.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763334/; classtype:trojan-activity;sid:84626434; rev:1;)
# /a/sys64.<suffix> on 151.243.213.58: one rule per file-name suffix.
# NOTE(review): the suffixes read as CPU architectures (arm, x86, mips, ...), so
# the requesting internal host is probably a Linux or embedded device; confirm
# during triage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763122)"; flow:established,from_client; content:"GET"; http_method; content:"/a/sys64.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.243.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763122/; classtype:trojan-activity;sid:84626222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763120)"; flow:established,from_client; content:"GET"; http_method; content:"/a/sys64.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.243.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763120/; classtype:trojan-activity;sid:84626220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763119)"; flow:established,from_client; content:"GET"; http_method; content:"/a/sys64.aarch64be"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"151.243.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763119/; classtype:trojan-activity;sid:84626219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763115)"; flow:established,from_client; content:"GET"; http_method; content:"/a/sys64.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"151.243.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763115/; classtype:trojan-activity;sid:84626215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763116)"; flow:established,from_client; content:"GET"; http_method; content:"/a/sys64.aarch64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"151.243.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763116/; classtype:trojan-activity;sid:84626216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763117)"; flow:established,from_client; content:"GET"; http_method; content:"/a/sys64.i486"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"151.243.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763117/; classtype:trojan-activity;sid:84626217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763118)"; flow:established,from_client; content:"GET"; http_method; content:"/a/sys64.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"151.243.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763118/; classtype:trojan-activity;sid:84626218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763105)"; flow:established,from_client; content:"GET"; http_method; content:"/a/sys64.mips64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.243.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763105/; classtype:trojan-activity;sid:84626205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763106)"; flow:established,from_client; content:"GET"; http_method; content:"/a/sys64.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.243.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763106/; classtype:trojan-activity;sid:84626206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763108)"; flow:established,from_client; content:"GET"; http_method; content:"/a/sys64.i686"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"151.243.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763108/; classtype:trojan-activity;sid:84626208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763109)"; flow:established,from_client; content:"GET"; http_method; content:"/a/sys64.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; 
content:"151.243.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763109/; classtype:trojan-activity;sid:84626209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763110)"; flow:established,from_client; content:"GET"; http_method; content:"/a/sys64.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"151.243.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763110/; classtype:trojan-activity;sid:84626210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763111)"; flow:established,from_client; content:"GET"; http_method; content:"/a/sys64.ppc440fp"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"151.243.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763111/; classtype:trojan-activity;sid:84626211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763112)"; flow:established,from_client; content:"GET"; http_method; content:"/a/sys64.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"151.243.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763112/; classtype:trojan-activity;sid:84626212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763113)"; flow:established,from_client; content:"GET"; http_method; content:"/a/sys64.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"151.243.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763113/; classtype:trojan-activity;sid:84626213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3763114)"; flow:established,from_client; content:"GET"; http_method; content:"/a/sys64.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.243.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763114/; classtype:trojan-activity;sid:84626214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763104)"; flow:established,from_client; content:"GET"; http_method; content:"/a/sys64.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"151.243.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763104/; classtype:trojan-activity;sid:84626204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.228.239.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3762969/; classtype:trojan-activity;sid:84626069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.228.239.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3762953/; classtype:trojan-activity;sid:84626053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762816)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"112.86.12.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 
2026_01_24; reference:url, urlhaus.abuse.ch/url/3762816/; classtype:trojan-activity;sid:84625916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762681)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.120.32.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_23; reference:url, urlhaus.abuse.ch/url/3762681/; classtype:trojan-activity;sid:84625781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.163.117.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_23; reference:url, urlhaus.abuse.ch/url/3762677/; classtype:trojan-activity;sid:84625777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762674)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.23.89.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_23; reference:url, urlhaus.abuse.ch/url/3762674/; classtype:trojan-activity;sid:84625774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.155.243.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_23; reference:url, urlhaus.abuse.ch/url/3762403/; classtype:trojan-activity;sid:84625503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.155.243.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_23; reference:url, urlhaus.abuse.ch/url/3762391/; classtype:trojan-activity;sid:84625491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762176)"; flow:established,from_client; content:"GET"; http_method; content:"/hamzaabiadi/cracked-tab-organizer-extension/main/altisonous/cracked-tab-organizer-extension.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3762176/; classtype:trojan-activity;sid:84625276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762091)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.4.92.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3762091/; classtype:trojan-activity;sid:84625191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762083)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.23.89.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3762083/; classtype:trojan-activity;sid:84625183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762054)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.54.220.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, 
urlhaus.abuse.ch/url/3762054/; classtype:trojan-activity;sid:84625154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762049)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"106.54.220.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3762049/; classtype:trojan-activity;sid:84625149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762050)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"106.54.220.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3762050/; classtype:trojan-activity;sid:84625150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761968)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.147.202.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761968/; classtype:trojan-activity;sid:84625068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761843)"; flow:established,from_client; content:"GET"; http_method; content:"/caio-arc/links/raw/refs/heads/main/application.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761843/; classtype:trojan-activity;sid:84624943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761841)"; flow:established,from_client; content:"GET"; 
http_method; content:"/keyur-m/hometask/raw/refs/heads/main/application.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761841/; classtype:trojan-activity;sid:84624941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761824)"; flow:established,from_client; content:"GET"; http_method; content:"/teeeeeeeeeellkall/cracked-tab-groups-extension/main/clackety/cracked-tab-groups-extension.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761824/; classtype:trojan-activity;sid:84624924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761823)"; flow:established,from_client; content:"GET"; http_method; content:"/teskkkkk/cracked-todoist-for-chrome/main/fieldworker/cracked-todoist-for-chrome.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761823/; classtype:trojan-activity;sid:84624923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761821)"; flow:established,from_client; content:"GET"; http_method; content:"/kukil-saikia/cracked-save-to-smartsheet-extension/main/syrtic/cracked-save-to-smartsheet-extension.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761821/; classtype:trojan-activity;sid:84624921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3761822)"; flow:established,from_client; content:"GET"; http_method; content:"/class1k/cracked-save-to-mondaycom-extension/main/textbookless/cracked-save-to-mondaycom-extension.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761822/; classtype:trojan-activity;sid:84624922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761818)"; flow:established,from_client; content:"GET"; http_method; content:"/jsm2raj/cracked-webpage-highlighter-extension/main/innkeeper/cracked-webpage-highlighter-extension.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761818/; classtype:trojan-activity;sid:84624918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761819)"; flow:established,from_client; content:"GET"; http_method; content:"/shifaishfaque/cracked-save-to-click-up-extension/raw/refs/heads/main/doddart/cracked-save-to-click-up-extension.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761819/; classtype:trojan-activity;sid:84624919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761816)"; flow:established,from_client; content:"GET"; http_method; content:"/lazzydave/cracked-webpage-snapshot-extension/main/sketchiness/cracked-webpage-snapshot-extension.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, 
urlhaus.abuse.ch/url/3761816/; classtype:trojan-activity;sid:84624916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761813)"; flow:established,from_client; content:"GET"; http_method; content:"/bibabiboreal/cracked-save-to-airtable-base-extension/main/rectifiable/cracked-save-to-airtable-base-extension.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761813/; classtype:trojan-activity;sid:84624913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761807)"; flow:established,from_client; content:"GET"; http_method; content:"/kayraizm3131/cracked-webpage-tag-manager-extension/main/pteroclomorphic/cracked-webpage-tag-manager-extension.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761807/; classtype:trojan-activity;sid:84624907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761795)"; flow:established,from_client; content:"GET"; http_method; content:"/crandd1/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761795/; classtype:trojan-activity;sid:84624895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761350)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"112.163.117.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_21; reference:url, 
urlhaus.abuse.ch/url/3761350/; classtype:trojan-activity;sid:84624450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761233)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm7"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"unruffled-chaum.185-36-205-153.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_01_21; reference:url, urlhaus.abuse.ch/url/3761233/; classtype:trojan-activity;sid:84624333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761232)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.m68k"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"unruffled-chaum.185-36-205-153.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_01_21; reference:url, urlhaus.abuse.ch/url/3761232/; classtype:trojan-activity;sid:84624332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761230)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mips"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"unruffled-chaum.185-36-205-153.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_01_21; reference:url, urlhaus.abuse.ch/url/3761230/; classtype:trojan-activity;sid:84624330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761231)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.spc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"unruffled-chaum.185-36-205-153.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_01_21; reference:url, urlhaus.abuse.ch/url/3761231/; classtype:trojan-activity;sid:84624331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3761228)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mpsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"unruffled-chaum.185-36-205-153.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_01_21; reference:url, urlhaus.abuse.ch/url/3761228/; classtype:trojan-activity;sid:84624328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761229)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm6"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"unruffled-chaum.185-36-205-153.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_01_21; reference:url, urlhaus.abuse.ch/url/3761229/; classtype:trojan-activity;sid:84624329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761226)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"unruffled-chaum.185-36-205-153.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_01_21; reference:url, urlhaus.abuse.ch/url/3761226/; classtype:trojan-activity;sid:84624326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761227)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.x86"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"unruffled-chaum.185-36-205-153.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_01_21; reference:url, urlhaus.abuse.ch/url/3761227/; classtype:trojan-activity;sid:84624327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761223)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bins/unhanaaw.sh4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"unruffled-chaum.185-36-205-153.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_01_21; reference:url, urlhaus.abuse.ch/url/3761223/; classtype:trojan-activity;sid:84624323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761224)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm5"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"unruffled-chaum.185-36-205-153.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_01_21; reference:url, urlhaus.abuse.ch/url/3761224/; classtype:trojan-activity;sid:84624324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761225)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.ppc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"unruffled-chaum.185-36-205-153.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_01_21; reference:url, urlhaus.abuse.ch/url/3761225/; classtype:trojan-activity;sid:84624325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761220)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.ppc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.36.205.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_21; reference:url, urlhaus.abuse.ch/url/3761220/; classtype:trojan-activity;sid:84624320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761215)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.x86"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.36.205.153"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_01_21; reference:url, urlhaus.abuse.ch/url/3761215/; classtype:trojan-activity;sid:84624315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761216)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mpsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.36.205.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_21; reference:url, urlhaus.abuse.ch/url/3761216/; classtype:trojan-activity;sid:84624316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761217)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.36.205.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_21; reference:url, urlhaus.abuse.ch/url/3761217/; classtype:trojan-activity;sid:84624317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761218)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mips"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.36.205.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_21; reference:url, urlhaus.abuse.ch/url/3761218/; classtype:trojan-activity;sid:84624318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761214)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.sh4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.36.205.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_21; reference:url, urlhaus.abuse.ch/url/3761214/; classtype:trojan-activity;sid:84624314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761209)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm7"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.36.205.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_21; reference:url, urlhaus.abuse.ch/url/3761209/; classtype:trojan-activity;sid:84624309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761210)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.m68k"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.36.205.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_21; reference:url, urlhaus.abuse.ch/url/3761210/; classtype:trojan-activity;sid:84624310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761211)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.spc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.36.205.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_21; reference:url, urlhaus.abuse.ch/url/3761211/; classtype:trojan-activity;sid:84624311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761212)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm6"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.36.205.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_21; reference:url, urlhaus.abuse.ch/url/3761212/; classtype:trojan-activity;sid:84624312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761213)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm5"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.36.205.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2026_01_21; reference:url, urlhaus.abuse.ch/url/3761213/; classtype:trojan-activity;sid:84624313; rev:1;)
# Rule shape used throughout this feed: a client GET whose URI and Host each match one
# listed string. depth:<n> together with isdataat:!1,relative pins the content to the
# start of the buffer with no byte following it, so near-miss paths do not alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3760845)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"193.221.201.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_20; reference:url, urlhaus.abuse.ch/url/3760845/; classtype:trojan-activity;sid:84623945; rev:1;)
# NOTE(review): this rule inspects the http app-layer only. A client that fetches this
# github.com path over TLS produces no HTTP buffers for the sensor, so the rule stays
# silent unless traffic is decrypted upstream. Presumably coverage for shared hosting
# platforms needs proxy or endpoint URL logs in addition -- confirm against local
# sensor placement.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3760838)"; flow:established,from_client; content:"GET"; http_method; content:"/lounger678/lapce/releases/download/1.0.0/lapce-windows.msi"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_20; reference:url, urlhaus.abuse.ch/url/3760838/; classtype:trojan-activity;sid:84623938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3760826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.25.137.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_20; reference:url, urlhaus.abuse.ch/url/3760826/; classtype:trojan-activity;sid:84623926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3760734)"; flow:established,from_client; content:"GET"; http_method; content:"/atom.xml"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.backupallfresh2030.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_01_20; reference:url, urlhaus.abuse.ch/url/3760734/; classtype:trojan-activity;sid:84623834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759998)"; 
flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.7.114.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_18; reference:url, urlhaus.abuse.ch/url/3759998/; classtype:trojan-activity;sid:84623098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759759)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.178.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_18; reference:url, urlhaus.abuse.ch/url/3759759/; classtype:trojan-activity;sid:84622859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759546)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.m68k"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"47.245.109.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_17; reference:url, urlhaus.abuse.ch/url/3759546/; classtype:trojan-activity;sid:84622646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759545)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.arc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"47.245.109.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_17; reference:url, urlhaus.abuse.ch/url/3759545/; classtype:trojan-activity;sid:84622645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759543)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.spc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"47.245.109.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_17; 
reference:url, urlhaus.abuse.ch/url/3759543/; classtype:trojan-activity;sid:84622643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759544)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/debug"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.245.109.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_17; reference:url, urlhaus.abuse.ch/url/3759544/; classtype:trojan-activity;sid:84622644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759541)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.sh4"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"47.245.109.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_17; reference:url, urlhaus.abuse.ch/url/3759541/; classtype:trojan-activity;sid:84622641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759542)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.arm7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"47.245.109.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_17; reference:url, urlhaus.abuse.ch/url/3759542/; classtype:trojan-activity;sid:84622642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759539)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.mips"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"47.245.109.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_17; reference:url, urlhaus.abuse.ch/url/3759539/; classtype:trojan-activity;sid:84622639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759540)"; 
flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.arm6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"47.245.109.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_17; reference:url, urlhaus.abuse.ch/url/3759540/; classtype:trojan-activity;sid:84622640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759538)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.x86"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"47.245.109.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_17; reference:url, urlhaus.abuse.ch/url/3759538/; classtype:trojan-activity;sid:84622638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759534)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.i686"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"47.245.109.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_17; reference:url, urlhaus.abuse.ch/url/3759534/; classtype:trojan-activity;sid:84622634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759535)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.ppc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"47.245.109.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_17; reference:url, urlhaus.abuse.ch/url/3759535/; classtype:trojan-activity;sid:84622635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759536)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.x86_64"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"47.245.109.122"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2026_01_17; reference:url, urlhaus.abuse.ch/url/3759536/; classtype:trojan-activity;sid:84622636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759537)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.mpsl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"47.245.109.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_17; reference:url, urlhaus.abuse.ch/url/3759537/; classtype:trojan-activity;sid:84622637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759533)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.arm"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"47.245.109.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_17; reference:url, urlhaus.abuse.ch/url/3759533/; classtype:trojan-activity;sid:84622633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759531)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.arm5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"47.245.109.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_17; reference:url, urlhaus.abuse.ch/url/3759531/; classtype:trojan-activity;sid:84622631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759532)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"47.245.109.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_17; reference:url, urlhaus.abuse.ch/url/3759532/; classtype:trojan-activity;sid:84622632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3759320)"; flow:established,from_client; content:"GET"; http_method; content:"/receiveharsh/changebusiness"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"co-emas.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_17; reference:url, urlhaus.abuse.ch/url/3759320/; classtype:trojan-activity;sid:84622420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759319)"; flow:established,from_client; content:"GET"; http_method; content:"/x/s"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"co-emas.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_17; reference:url, urlhaus.abuse.ch/url/3759319/; classtype:trojan-activity;sid:84622419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.56.75.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_16; reference:url, urlhaus.abuse.ch/url/3759135/; classtype:trojan-activity;sid:84622235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3758958)"; flow:established,from_client; content:"GET"; http_method; content:"/adobeclientsetup2026.msi"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"frvrefrigeracao.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_01_16; reference:url, urlhaus.abuse.ch/url/3758958/; classtype:trojan-activity;sid:84622058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3758945)"; flow:established,from_client; content:"GET"; http_method; content:"/sa/saa.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"thebrandmantra.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 
2026_01_16; reference:url, urlhaus.abuse.ch/url/3758945/; classtype:trojan-activity;sid:84622045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3758944)"; flow:established,from_client; content:"GET"; http_method; content:"/static/upload/other/20220313/1647160611412907.apk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"www.longfeng188.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_01_16; reference:url, urlhaus.abuse.ch/url/3758944/; classtype:trojan-activity;sid:84622044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3758943)"; flow:established,from_client; content:"GET"; http_method; content:"/down/laizi_wzzdh.apk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"n.vs108.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_16; reference:url, urlhaus.abuse.ch/url/3758943/; classtype:trojan-activity;sid:84622043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3758942)"; flow:established,from_client; content:"GET"; http_method; content:"/bbs/upload/1000/2017/03/16/202395_1101210.apk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"jlwz.cn"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2026_01_16; reference:url, urlhaus.abuse.ch/url/3758942/; classtype:trojan-activity;sid:84622042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3758937)"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress%202026.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"inomailerhe.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_16; reference:url, urlhaus.abuse.ch/url/3758937/; classtype:trojan-activity;sid:84622037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3758380)"; flow:established,from_client; content:"GET"; http_method; content:"/j1/encrypted.ps1"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"dialkwik.in"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_15; reference:url, urlhaus.abuse.ch/url/3758319/; classtype:trojan-activity;sid:84621480; rev:1;)
# NOTE(review): three things to verify before relying on the next rule (sid 84621419).
#  1. In content syntax |7c| is a literal pipe, so "|7c|26|7c|" matches the four bytes
#     '|','2','6','|' rather than 0x26 ('&'). This looks like a hex escape that was
#     escaped a second time by the generator; if the reported URL used '&' before
#     "token=", the rule cannot match it. Confirm against the URLhaus entry.
#  2. depth:131 equals the length of the pattern as written, not of the decoded bytes,
#     so the pattern is not pinned to offset 0 of the buffer; only the trailing
#     isdataat:!1,relative anchors it.
#  3. http_uri is the normalized URI buffer. The literal "%2f" and "%20" sequences are
#     presumably decoded before matching, in which case a raw-URI match is needed --
#     test with a capture. The host is also normally reached over TLS, which this http
#     rule does not see without decryption.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3758319)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/rodriakd-8413d.appspot.com/o/dll%2fprueba%20signo%20dll3.txt|3f|alt=media|7c|26|7c|token=21cce499-67ec-41ea-8334-f4d8df39aa22"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_01_15; reference:url, urlhaus.abuse.ch/url/3758319/; classtype:trojan-activity;sid:84621419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757996)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.241.150.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757996/; classtype:trojan-activity;sid:84621096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.95.137.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757989/; classtype:trojan-activity;sid:84621089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"41.214.60.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757985/; classtype:trojan-activity;sid:84621085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/imgs.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"wittenhorst.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757953/; classtype:trojan-activity;sid:84621053; rev:1;)
# NOTE(review): the URI patterns in the remaining rules on this line contain a literal
# "%20". http_uri is the normalized URI buffer, so a percent-encoded space is presumably
# decoded before matching and the literal "%20" may never be present -- verify with a
# test capture, and match the raw URI instead if these rules are meant to fire.
# The github.com rule is additionally limited to cleartext HTTP; requests made over TLS
# are not visible to it without decryption.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757907)"; flow:established,from_client; content:"GET"; http_method; content:"/syrins/chatgpt-app/raw/9d9a3d9ce5ba4eb03b7738f99458773e3b4ce7de/inat%20tv.apk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757907/; classtype:trojan-activity;sid:84621007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757803)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/05%2012%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757803/; classtype:trojan-activity;sid:84620903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757804)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/05%2011%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, 
urlhaus.abuse.ch/url/3757804/; classtype:trojan-activity;sid:84620904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757805)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/03%2010%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757805/; classtype:trojan-activity;sid:84620905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757806)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/04%2012%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757806/; classtype:trojan-activity;sid:84620906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757808)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/04%2009%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757808/; classtype:trojan-activity;sid:84620908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757809)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/02%2012%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757809/; classtype:trojan-activity;sid:84620909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3757811)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/04%2008%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757811/; classtype:trojan-activity;sid:84620911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757802)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/05%2010%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757802/; classtype:trojan-activity;sid:84620902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757799)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/03%2011%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757799/; classtype:trojan-activity;sid:84620899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757800)"; flow:established,from_client; content:"GET"; http_method; content:"/test/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.163.114.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757800/; classtype:trojan-activity;sid:84620900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757796)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/03%2009%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; 
content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757796/; classtype:trojan-activity;sid:84620896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757797)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/05%2008%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757797/; classtype:trojan-activity;sid:84620897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757792)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/05%2009%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757792/; classtype:trojan-activity;sid:84620892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757794)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/04%2011%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757794/; classtype:trojan-activity;sid:84620894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757791)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/03%2008%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757791/; 
classtype:trojan-activity;sid:84620891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757629)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/unins000.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"124.223.191.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_13; reference:url, urlhaus.abuse.ch/url/3757629/; classtype:trojan-activity;sid:84620729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757621)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/dbghelp.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"124.223.191.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_13; reference:url, urlhaus.abuse.ch/url/3757621/; classtype:trojan-activity;sid:84620721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757403)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.224.16.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_13; reference:url, urlhaus.abuse.ch/url/3757403/; classtype:trojan-activity;sid:84620503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.158.100.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_13; reference:url, urlhaus.abuse.ch/url/3757384/; classtype:trojan-activity;sid:84620484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"79.0.5.138"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_13; reference:url, urlhaus.abuse.ch/url/3757381/; classtype:trojan-activity;sid:84620481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757377)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.197.62.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_13; reference:url, urlhaus.abuse.ch/url/3757377/; classtype:trojan-activity;sid:84620477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757147)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.56.75.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_13; reference:url, urlhaus.abuse.ch/url/3757147/; classtype:trojan-activity;sid:84620247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757126)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.0.129.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_13; reference:url, urlhaus.abuse.ch/url/3757126/; classtype:trojan-activity;sid:84620226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757074)"; flow:established,from_client; content:"GET"; http_method; content:"/netsyst81.dll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"steam66.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_13; reference:url, urlhaus.abuse.ch/url/3757074/; classtype:trojan-activity;sid:84620174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3756255)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.151.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_11; reference:url, urlhaus.abuse.ch/url/3756255/; classtype:trojan-activity;sid:84619355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3756168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.34.247.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_11; reference:url, urlhaus.abuse.ch/url/3756168/; classtype:trojan-activity;sid:84619268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3756062)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_11; reference:url, urlhaus.abuse.ch/url/3756062/; classtype:trojan-activity;sid:84619162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3756023)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.45.151.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_11; reference:url, urlhaus.abuse.ch/url/3756023/; classtype:trojan-activity;sid:84619123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3756018)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.45.151.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_11; 
reference:url, urlhaus.abuse.ch/url/3756018/; classtype:trojan-activity;sid:84619118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755992)"; flow:established,from_client; content:"GET"; http_method; content:"/t36"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.192.39.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_11; reference:url, urlhaus.abuse.ch/url/3755992/; classtype:trojan-activity;sid:84619092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755948)"; flow:established,from_client; content:"GET"; http_method; content:"/payload_universal.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_11; reference:url, urlhaus.abuse.ch/url/3755948/; classtype:trojan-activity;sid:84619048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755921)"; flow:established,from_client; content:"GET"; http_method; content:"/payload_direct.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_11; reference:url, urlhaus.abuse.ch/url/3755921/; classtype:trojan-activity;sid:84619021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755903)"; flow:established,from_client; content:"GET"; http_method; content:"/payload_wget.txt"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_11; reference:url, urlhaus.abuse.ch/url/3755903/; classtype:trojan-activity;sid:84619003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755548)"; flow:established,from_client; content:"GET"; 
http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.45.74.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_10; reference:url, urlhaus.abuse.ch/url/3755548/; classtype:trojan-activity;sid:84618648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755374)"; flow:established,from_client; content:"GET"; http_method; content:"/18.node"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.215.85.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_10; reference:url, urlhaus.abuse.ch/url/3755374/; classtype:trojan-activity;sid:84618474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755219)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"175.209.135.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_10; reference:url, urlhaus.abuse.ch/url/3755219/; classtype:trojan-activity;sid:84618319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755194)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"175.209.135.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_10; reference:url, urlhaus.abuse.ch/url/3755194/; classtype:trojan-activity;sid:84618294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755193)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"175.209.135.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_10; reference:url, urlhaus.abuse.ch/url/3755193/; classtype:trojan-activity;sid:84618293; rev:1;) 
# URLhaus download-URL rules: each rule below alerts on one reported URL.
# Shared shape, as written in every rule of this run:
#   - alert on HTTP from $HOME_NET to $EXTERNAL_NET, client-to-server side of
#     an established flow, request method GET;
#   - first content is the URI path (http_uri), second is the Host value
#     (http_host); on both, depth equals the content length and
#     isdataat:!1,relative requires that no byte follows, so the buffer has to
#     equal the string rather than merely contain it;
#   - nocase is written after the URI's isdataat; presumably it still binds to
#     the URI content -- verify on the engine in use;
#   - reference:url points at the URLhaus entry, and the number in msg is that
#     entry's id.
# NOTE(review): these are point-in-time indicators (see metadata:created_at).
# Before escalating a hit, check the referenced URLhaus entry for the current
# status of the URL; a host may have been cleaned or reassigned since.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755157)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.209.135.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_10; reference:url, urlhaus.abuse.ch/url/3755157/; classtype:trojan-activity;sid:84618257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755119)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"70.45.151.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_10; reference:url, urlhaus.abuse.ch/url/3755119/; classtype:trojan-activity;sid:84618219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755090)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"175.209.135.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_10; reference:url, urlhaus.abuse.ch/url/3755090/; classtype:trojan-activity;sid:84618190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755064)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.209.135.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_10; reference:url, urlhaus.abuse.ch/url/3755064/; classtype:trojan-activity;sid:84618164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755067)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.151.28"; http_host; 
depth:12; isdataat:!1,relative; metadata:created_at 2026_01_10; reference:url, urlhaus.abuse.ch/url/3755067/; classtype:trojan-activity;sid:84618167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754894)"; flow:established,from_client; content:"GET"; http_method; content:"/setup.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.60.226.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754894/; classtype:trojan-activity;sid:84617994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754752)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"79.175.42.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754752/; classtype:trojan-activity;sid:84617852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754753)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"95.47.176.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754753/; classtype:trojan-activity;sid:84617853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754756)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"186.121.239.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754756/; classtype:trojan-activity;sid:84617856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754757)"; flow:established,from_client; 
content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"217.150.78.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754757/; classtype:trojan-activity;sid:84617857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754760)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"186.138.107.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754760/; classtype:trojan-activity;sid:84617860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754761)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"37.157.212.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754761/; classtype:trojan-activity;sid:84617861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754762)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"82.114.200.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754762/; classtype:trojan-activity;sid:84617862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754764)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"202.131.234.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754764/; classtype:trojan-activity;sid:84617864; rev:1;) alert http $HOME_NET any 
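-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754742)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/reynold/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754742/; classtype:trojan-activity;sid:84617842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754743)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/reynold/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754743/; classtype:trojan-activity;sid:84617843; rev:1;)
# NOTE(review): local change from the upstream feed. The upstream rule matched
# the literal text "%24recycle.bin" (depth:30) in http_uri. http_uri inspects
# the normalized URI, in which percent-escapes are decoded, so "%24" is
# expected to appear there as the single byte 0x24 ("$") and the upstream
# pattern would not match. The content below uses |24| and the depth is reduced
# by two to keep the whole-buffer match. Confirm by replaying a sample request
# on the engine and version in use; sid and rev are left as published.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754744)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/|24|recycle.bin/photo.scr"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754744/; classtype:trojan-activity;sid:84617844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754745)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/reynold/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754745/; classtype:trojan-activity;sid:84617841; rev:1;)
# NOTE(review): same local change as for sid 84617844 -- the upstream pattern
# contained two literal "%24" sequences (depth:80); both are written as |24|
# here and the depth is reduced by four. Verify on the engine in use.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754741)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/|24|recycle.bin/s-1-5-21-513737667-1919666884-561045330-1001/|24|rs1r5lt.scr"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754741/; classtype:trojan-activity;sid:84617841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754739)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"217.65.15.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754739/; classtype:trojan-activity;sid:84617839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.147.166.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754722/; classtype:trojan-activity;sid:84617822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754707)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"115.178.100.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754707/; classtype:trojan-activity;sid:84617807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754708)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"128.127.102.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754708/; 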
classtype:trojan-activity;sid:84617808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754692)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"212.18.223.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754692/; classtype:trojan-activity;sid:84617792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754695)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"78.140.32.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754695/; classtype:trojan-activity;sid:84617795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754699)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"202.4.101.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754699/; classtype:trojan-activity;sid:84617799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754702)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"182.160.102.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754702/; classtype:trojan-activity;sid:84617802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754705)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"146.66.163.195"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754705/; classtype:trojan-activity;sid:84617805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754690)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"195.158.88.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754690/; classtype:trojan-activity;sid:84617790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754685)"; flow:established,from_client; content:"GET"; http_method; content:"/zoldownload/"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"down10d.zol.com.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754685/; classtype:trojan-activity;sid:84617785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754684)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"89.231.14.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754684/; classtype:trojan-activity;sid:84617784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754676)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"31.210.217.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754676/; classtype:trojan-activity;sid:84617776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754677)"; 
flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"103.164.117.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754677/; classtype:trojan-activity;sid:84617777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754675)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"186.42.98.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754675/; classtype:trojan-activity;sid:84617775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754659)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"77.87.236.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754659/; classtype:trojan-activity;sid:84617759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754662)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"200.54.221.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754662/; classtype:trojan-activity;sid:84617762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754668)"; flow:established,from_client; content:"GET"; http_method; content:"/ml_is.elf"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.26.141.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754668/; 
classtype:trojan-activity;sid:84617768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754652)"; flow:established,from_client; content:"GET"; http_method; content:"/sh.elf"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.26.141.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754652/; classtype:trojan-activity;sid:84617752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754653)"; flow:established,from_client; content:"GET"; http_method; content:"/bind86.elf"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"194.26.141.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754653/; classtype:trojan-activity;sid:84617753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754647)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"146.247.226.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754647/; classtype:trojan-activity;sid:84617747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754648)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"37.131.200.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754648/; classtype:trojan-activity;sid:84617748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754618)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; 
content:"195.158.100.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754618/; classtype:trojan-activity;sid:84617718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754592)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"89.101.123.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754592/; classtype:trojan-activity;sid:84617692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754593)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"181.63.213.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754593/; classtype:trojan-activity;sid:84617693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754590)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"178.217.165.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754590/; classtype:trojan-activity;sid:84617690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754582)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"194.187.151.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754582/; classtype:trojan-activity;sid:84617682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754573)"; 
flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754573/; classtype:trojan-activity;sid:84617673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754561)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"109.86.237.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754561/; classtype:trojan-activity;sid:84617661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754554)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"208.89.168.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754554/; classtype:trojan-activity;sid:84617654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754555)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpnxp.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754555/; classtype:trojan-activity;sid:84617655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754559)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"168.232.158.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754559/; 
classtype:trojan-activity;sid:84617659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754546)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"92.241.19.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754546/; classtype:trojan-activity;sid:84617646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754542)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpn7.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754542/; classtype:trojan-activity;sid:84617642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754543)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpnx2.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754543/; classtype:trojan-activity;sid:84617643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimidrv.sys"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754540/; classtype:trojan-activity;sid:84617640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754530)"; flow:established,from_client; content:"GET"; http_method; content:"/"; 
http_uri; depth:1; isdataat:!1,relative; nocase; content:"217.75.193.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754530/; classtype:trojan-activity;sid:84617630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754533)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"138.219.58.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754533/; classtype:trojan-activity;sid:84617633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754520)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"190.128.195.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754520/; classtype:trojan-activity;sid:84617620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754521)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"190.12.99.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754521/; classtype:trojan-activity;sid:84617621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754516)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"79.111.14.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754516/; classtype:trojan-activity;sid:84617616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3754511)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"37.252.69.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754511/; classtype:trojan-activity;sid:84617611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754445)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"188.150.45.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754445/; classtype:trojan-activity;sid:84617545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754439)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"88.135.26.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754439/; classtype:trojan-activity;sid:84617539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754438)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"94.244.113.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754438/; classtype:trojan-activity;sid:84617538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754427)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"103.173.173.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754427/; 
classtype:trojan-activity;sid:84617527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754414)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"2.249.142.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754414/; classtype:trojan-activity;sid:84617514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754409)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"5.181.28.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754409/; classtype:trojan-activity;sid:84617509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754402)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"80.73.70.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754402/; classtype:trojan-activity;sid:84617502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754403)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"118.42.229.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754403/; classtype:trojan-activity;sid:84617503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754396)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"195.9.14.86"; http_host; 
depth:11; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754396/; classtype:trojan-activity;sid:84617496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754390)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"171.231.131.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754390/; classtype:trojan-activity;sid:84617490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754384)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754384/; classtype:trojan-activity;sid:84617484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754375)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"116.72.2.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754375/; classtype:trojan-activity;sid:84617475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754376)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"213.221.36.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754376/; classtype:trojan-activity;sid:84617476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754378)"; flow:established,from_client; content:"GET"; 
http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"83.166.197.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754378/; classtype:trojan-activity;sid:84617478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754379)"; flow:established,from_client; content:"GET"; http_method; content:"/cryptography_module/base_library.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"122.170.110.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754379/; classtype:trojan-activity;sid:84617479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754373)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"115.240.70.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754373/; classtype:trojan-activity;sid:84617473; rev:1;)
# NOTE(review): the file name in this rule follows the naming of the EICAR
# anti-malware test archives. A hit may be test content rather than a live
# payload, although the rule is classed trojan-activity like the rest; check
# the referenced URLhaus entry before escalating.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754364)"; flow:established,from_client; content:"GET"; http_method; content:"/threat/eicar_com.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754364/; classtype:trojan-activity;sid:84617464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754365)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"151.248.56.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754365/; classtype:trojan-activity;sid:84617465; rev:1;)
# NOTE(review): EICAR-style test archive name on the host 161.132.50.128, which
# sid 84617464 also matches; triage it the same way (confirm via the URLhaus
# reference whether this is test content).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754366)"; flow:established,from_client; content:"GET"; http_method; content:"/threat/eicarcom2.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754366/; classtype:trojan-activity;sid:84617466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754362)"; flow:established,from_client; content:"GET"; http_method; content:"/reverse_shell.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"194.26.141.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754362/; classtype:trojan-activity;sid:84617462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754359)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpnx2.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754359/; classtype:trojan-activity;sid:84617459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754351)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"31.223.60.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754351/; classtype:trojan-activity;sid:84617451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754340)"; flow:established,from_client; content:"GET"; http_method; 
content:"/install/namuvpn32.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754340/; classtype:trojan-activity;sid:84617440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754331)"; flow:established,from_client; content:"GET"; http_method; content:"/pc/pdfconvert/"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"download.pdf00.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754331/; classtype:trojan-activity;sid:84617431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754327)"; flow:established,from_client; content:"GET"; http_method; content:"/install/namu864.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754327/; classtype:trojan-activity;sid:84617427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754328)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpn32.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754328/; classtype:trojan-activity;sid:84617428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754324)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"37.9.25.206"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754324/; 
classtype:trojan-activity;sid:84617424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754325)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpnx2/namuvpnx2.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754325/; classtype:trojan-activity;sid:84617425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754326)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"63.245.127.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754326/; classtype:trojan-activity;sid:84617426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754304)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"81.30.194.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754304/; classtype:trojan-activity;sid:84617404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754299)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"46.151.56.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754299/; classtype:trojan-activity;sid:84617399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754282)"; flow:established,from_client; content:"GET"; http_method; content:"/install/namuxp.zip"; http_uri; depth:19; 
isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754282/; classtype:trojan-activity;sid:84617382; rev:1;)
# Rules whose URI content is "/" (depth:1, isdataat:!1,relative) fire on any
# GET for the root path of the listed host; the Host match is likewise exact
# (depth equals the content length and no data may follow).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754275)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"80.89.131.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754275/; classtype:trojan-activity;sid:84617375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754276)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"91.147.91.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754276/; classtype:trojan-activity;sid:84617376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754274)"; flow:established,from_client; content:"GET"; http_method; content:"/install/namuvpn7.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754274/; classtype:trojan-activity;sid:84617374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754268)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"118.43.201.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754268/; classtype:trojan-activity;sid:84617368; rev:1;)
# NOTE(review): the URI content below carries the percent-encoded bytes
# "%2b%2b", but http_uri inspects the normalized (percent-decoded) URI, where
# this request would presumably appear as "/debugview++.exe" (16 bytes, while
# the rule expects 20). As written the rule likely never matches; confirm
# against a capture, and match the decoded string or use the raw URI buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754265)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview%2b%2b.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.91.58.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754265/; classtype:trojan-activity;sid:84617365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754266)"; flow:established,from_client; content:"GET"; http_method; content:"/reverse.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.26.141.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754266/; classtype:trojan-activity;sid:84617366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754262)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpn7.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754262/; classtype:trojan-activity;sid:84617362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754263)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"83.218.189.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754263/; classtype:trojan-activity;sid:84617363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754253)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"49.158.206.47"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754253/; classtype:trojan-activity;sid:84617353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754241)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"197.157.195.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754241/; classtype:trojan-activity;sid:84617341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754238)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpn7/namuvpn7.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754238/; classtype:trojan-activity;sid:84617338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754227)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"139.255.67.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754227/; classtype:trojan-activity;sid:84617327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754221)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"89.28.58.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754221/; classtype:trojan-activity;sid:84617321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754218)"; flow:established,from_client; 
content:"GET"; http_method; content:"/install/back/namuvpn32.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754218/; classtype:trojan-activity;sid:84617318; rev:1;)
# URI content "/" with depth:1 and isdataat:!1,relative: alerts on any GET for
# the root path of this host, not on a specific file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754202)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"223.197.231.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754202/; classtype:trojan-activity;sid:84617302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754194)"; flow:established,from_client; content:"GET"; http_method; content:"/cryptodata/archive_to_send_decr.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"122.170.110.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754194/; classtype:trojan-activity;sid:84617294; rev:1;)
# NOTE(review): the URI content holds percent-encoded "%2b%2b", while http_uri
# inspects the normalized (percent-decoded) URI, in which the request would
# presumably read "/debugview++.exe" (16 bytes against the 20 expected here).
# The rule likely never matches as written; verify with a capture, then match
# the decoded string or use the raw URI buffer instead.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754176)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview%2b%2b.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"114.132.86.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754176/; classtype:trojan-activity;sid:84617276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754172)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"37.34.172.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, 
urlhaus.abuse.ch/url/3754172/; classtype:trojan-activity;sid:84617272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754174)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"120.50.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754174/; classtype:trojan-activity;sid:84617274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754164)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"181.166.103.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754164/; classtype:trojan-activity;sid:84617264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754162)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"93.123.89.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754162/; classtype:trojan-activity;sid:84617262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimilib.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754156/; classtype:trojan-activity;sid:84617256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754051)"; flow:established,from_client; content:"GET"; http_method; content:"/aug/02-08-2023/info.zip"; http_uri; 
depth:24; isdataat:!1,relative; nocase; content:"125.19.150.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754051/; classtype:trojan-activity;sid:84617151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754052)"; flow:established,from_client; content:"GET"; http_method; content:"/aug/08-08-2023/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"125.19.150.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754052/; classtype:trojan-activity;sid:84617152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754054)"; flow:established,from_client; content:"GET"; http_method; content:"/aug/10-08-2023/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"125.19.150.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754054/; classtype:trojan-activity;sid:84617154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754049)"; flow:established,from_client; content:"GET"; http_method; content:"/aug/11-08-2023/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"125.19.150.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754049/; classtype:trojan-activity;sid:84617149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754050)"; flow:established,from_client; content:"GET"; http_method; content:"/aug/04-08-2023/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"125.19.150.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754050/; 
classtype:trojan-activity;sid:84617150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754048)"; flow:established,from_client; content:"GET"; http_method; content:"/aug/05-08-2023/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"125.19.150.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754048/; classtype:trojan-activity;sid:84617148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754047)"; flow:established,from_client; content:"GET"; http_method; content:"/aug/07-08-2023/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"125.19.150.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754047/; classtype:trojan-activity;sid:84617147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754044)"; flow:established,from_client; content:"GET"; http_method; content:"/aug/03-08-2023/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"125.19.150.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754044/; classtype:trojan-activity;sid:84617144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754045)"; flow:established,from_client; content:"GET"; http_method; content:"/aug/09-08-2023/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"125.19.150.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754045/; classtype:trojan-activity;sid:84617145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754046)"; flow:established,from_client; content:"GET"; 
http_method; content:"/aug/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"125.19.150.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754046/; classtype:trojan-activity;sid:84617146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754041)"; flow:established,from_client; content:"GET"; http_method; content:"/aug/06-08-2023/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"125.19.150.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754041/; classtype:trojan-activity;sid:84617141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754042)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"125.19.150.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754042/; classtype:trojan-activity;sid:84617142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754043)"; flow:established,from_client; content:"GET"; http_method; content:"/aug/01-08-2023/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"125.19.150.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754043/; classtype:trojan-activity;sid:84617143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3753765)"; flow:established,from_client; content:"GET"; http_method; content:"/big/img001.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3753765/; 
classtype:trojan-activity;sid:84616865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3753539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.59.2.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_08; reference:url, urlhaus.abuse.ch/url/3753539/; classtype:trojan-activity;sid:84616639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3752540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.249.142.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_08; reference:url, urlhaus.abuse.ch/url/3752540/; classtype:trojan-activity;sid:84615640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3752359)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"meetvideogoogle.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_01_07; reference:url, urlhaus.abuse.ch/url/3752359/; classtype:trojan-activity;sid:84615459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3752363)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"videomeetgoogle.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_01_07; reference:url, urlhaus.abuse.ch/url/3752363/; classtype:trojan-activity;sid:84615463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3752358)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; 
content:"194.67.127.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_07; reference:url, urlhaus.abuse.ch/url/3752358/; classtype:trojan-activity;sid:84615458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3752336)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.45.74.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_07; reference:url, urlhaus.abuse.ch/url/3752336/; classtype:trojan-activity;sid:84615436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3752304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.203.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_07; reference:url, urlhaus.abuse.ch/url/3752304/; classtype:trojan-activity;sid:84615404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3752302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.42.229.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_07; reference:url, urlhaus.abuse.ch/url/3752302/; classtype:trojan-activity;sid:84615402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3751589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.229.60.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_06; reference:url, urlhaus.abuse.ch/url/3751589/; classtype:trojan-activity;sid:84614689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3751521)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.243.238.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_06; reference:url, urlhaus.abuse.ch/url/3751521/; classtype:trojan-activity;sid:84614621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3751506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.15.165.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_06; reference:url, urlhaus.abuse.ch/url/3751506/; classtype:trojan-activity;sid:84614606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3750743)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv7l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"201.149.127.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_05; reference:url, urlhaus.abuse.ch/url/3750743/; classtype:trojan-activity;sid:84613843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3750735)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.i486"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.149.127.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_05; reference:url, urlhaus.abuse.ch/url/3750735/; classtype:trojan-activity;sid:84613835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3750736)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"201.149.127.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_05; reference:url, 
urlhaus.abuse.ch/url/3750736/; classtype:trojan-activity;sid:84613836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3750737)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv4l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"201.149.127.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_05; reference:url, urlhaus.abuse.ch/url/3750737/; classtype:trojan-activity;sid:84613837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3750738)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"201.149.127.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_05; reference:url, urlhaus.abuse.ch/url/3750738/; classtype:trojan-activity;sid:84613838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3750739)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.149.127.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_05; reference:url, urlhaus.abuse.ch/url/3750739/; classtype:trojan-activity;sid:84613839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3750740)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.aarch64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"201.149.127.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_05; reference:url, urlhaus.abuse.ch/url/3750740/; classtype:trojan-activity;sid:84613840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3750741)"; flow:established,from_client; content:"GET"; http_method; 
content:"/iran.arc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"201.149.127.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_05; reference:url, urlhaus.abuse.ch/url/3750741/; classtype:trojan-activity;sid:84613841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3750742)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.sparc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"201.149.127.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_05; reference:url, urlhaus.abuse.ch/url/3750742/; classtype:trojan-activity;sid:84613842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3750732)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv5l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"201.149.127.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_05; reference:url, urlhaus.abuse.ch/url/3750732/; classtype:trojan-activity;sid:84613832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3750733)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv6l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"201.149.127.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_05; reference:url, urlhaus.abuse.ch/url/3750733/; classtype:trojan-activity;sid:84613833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3750734)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.powerpc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"201.149.127.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_05; reference:url, urlhaus.abuse.ch/url/3750734/; 
classtype:trojan-activity;sid:84613834; rev:1;)
# Each rule matches one exact URL: depth equals the content length and
# isdataat:!1,relative requires the buffer to end there, for both the URI and
# the Host. A request with a query string appended to the path is not matched.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3750723)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.149.127.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_05; reference:url, urlhaus.abuse.ch/url/3750723/; classtype:trojan-activity;sid:84613823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3750724)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.149.127.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_05; reference:url, urlhaus.abuse.ch/url/3750724/; classtype:trojan-activity;sid:84613824; rev:1;)
# The next two rules differ only in the final "s" of the path; the end-of-buffer
# check keeps them distinct, so a request for ".../angels" raises only the
# second one.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3750720)"; flow:established,from_client; content:"GET"; http_method; content:"/2_ransomware/go/aarch64-macos/angel"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"clisi.digifors.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_01_05; reference:url, urlhaus.abuse.ch/url/3750720/; classtype:trojan-activity;sid:84613820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3750719)"; flow:established,from_client; content:"GET"; http_method; content:"/2_ransomware/go/aarch64-macos/angels"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"clisi.digifors.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_01_05; reference:url, urlhaus.abuse.ch/url/3750719/; classtype:trojan-activity;sid:84613819; rev:1;)
# NOTE(review): the Host reads like a vendor's own download host rather than
# attacker-run infrastructure (inferred from the name only). Confirm the entry
# on the URLhaus reference page before using this rule to block rather than
# alert, since internal clients may fetch this installer legitimately.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3750631)"; flow:established,from_client; content:"GET"; http_method; content:"/security/wizvera/delfino-g3/delfino-g3.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"download.kbcard.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_01_05; reference:url, urlhaus.abuse.ch/url/3750631/; classtype:trojan-activity;sid:84613731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3750625)"; flow:established,from_client; content:"GET"; http_method; content:"/luckypatcher/luckypatcherinstaller.apk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"chelpus.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_05; reference:url, urlhaus.abuse.ch/url/3750625/; classtype:trojan-activity;sid:84613725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3750602)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.42.229.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_05; reference:url, urlhaus.abuse.ch/url/3750602/; classtype:trojan-activity;sid:84613702; rev:1;)
# URI content "/" with depth:1: alerts on any GET for the root path of this
# host name, i.e. a host-level indicator rather than a single file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3750259)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"tesllamacapp.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_01_04; reference:url, urlhaus.abuse.ch/url/3750259/; classtype:trojan-activity;sid:84613359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3750144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.231.35.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_04; reference:url, urlhaus.abuse.ch/url/3750144/; 
classtype:trojan-activity;sid:84613244; rev:1;)
# Review note: every rule below is host-pinned and exact-match (depth equals the
# content length and isdataat:!1,relative forbids trailing bytes, on both the URI
# and the Host). The same path served from a host that is not listed is not covered.
#
# /buding/dbghelp.dll is listed for four hosts (sids 84612875, 84612870, 84612871,
# 84612857) and 139assicc.dll for one host under two directories. dbghelp.dll is also
# the name of a Windows system library, so the file name alone says nothing about
# the content; confirm with the hash on the URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3749794)"; flow:established,from_client; content:"GET"; http_method; content:"/buding1/139assicc.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"58.87.92.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_03; reference:url, urlhaus.abuse.ch/url/3749794/; classtype:trojan-activity;sid:84612894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3749780)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/139assicc.dll"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"58.87.92.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_03; reference:url, urlhaus.abuse.ch/url/3749780/; classtype:trojan-activity;sid:84612880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3749775)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/dbghelp.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"59.56.110.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_03; reference:url, urlhaus.abuse.ch/url/3749775/; classtype:trojan-activity;sid:84612875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3749770)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/dbghelp.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"123.99.197.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_03; reference:url, urlhaus.abuse.ch/url/3749770/; classtype:trojan-activity;sid:84612870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3749771)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/dbghelp.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.125.44.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_03; reference:url, urlhaus.abuse.ch/url/3749771/; classtype:trojan-activity;sid:84612871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3749757)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/dbghelp.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.205.253.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_03; reference:url, urlhaus.abuse.ch/url/3749757/; classtype:trojan-activity;sid:84612857; rev:1;)
# Short URIs such as "/i" and "/sshd" carry no signal by themselves; the detection
# value is in the Host pin. metadata:created_at is the only age information in the
# rule, so an old entry whose address has since been reassigned can still alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3749598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.179.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_03; reference:url, urlhaus.abuse.ch/url/3749598/; classtype:trojan-activity;sid:84612698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3749161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.131.200.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_02; reference:url, urlhaus.abuse.ch/url/3749161/; classtype:trojan-activity;sid:84612261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3749166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.195.26.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_02; reference:url, urlhaus.abuse.ch/url/3749166/; classtype:trojan-activity;sid:84612266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3749167)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.134.8.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_02; reference:url, urlhaus.abuse.ch/url/3749167/; classtype:trojan-activity;sid:84612267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3749159)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.136.145.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_02; reference:url, urlhaus.abuse.ch/url/3749159/; classtype:trojan-activity;sid:84612259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.229.60.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_02; reference:url, urlhaus.abuse.ch/url/3748863/; classtype:trojan-activity;sid:84611963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748554)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.16.137.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748554/; classtype:trojan-activity;sid:84611654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748544)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.42.72.125"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748544/; classtype:trojan-activity;sid:84611644; rev:1;)
# Review note: the rules below repeat one file set ({photo,video,av}.scr, the
# matching .lnk names and info.zip) across the hosts 177.42.72.125, 123.16.137.81
# and 93.215.23.87. Each rule is an exact match of URI and Host (depth equals the
# content length, isdataat:!1,relative forbids trailing bytes), so the same file
# name under another directory or on another host needs its own rule.
#
# Duplicate signature: sid 84611583 and sid 84611483 both match "/info.zip" on
# 93.215.23.87 and differ only in msg/reference/sid, so one request raises two
# alerts. Presumably the two URLhaus entries differ in something the rule does not
# encode (e.g. scheme or port) -- confirm on the references; consider a suppress or
# threshold entry for one of them locally instead of editing the vendor file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748515)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.16.137.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748515/; classtype:trojan-activity;sid:84611615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748514)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"177.42.72.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748514/; classtype:trojan-activity;sid:84611614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748493)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"177.42.72.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748493/; classtype:trojan-activity;sid:84611593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748485)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"177.42.72.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748485/; classtype:trojan-activity;sid:84611585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748486)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.16.137.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748486/; classtype:trojan-activity;sid:84611586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748483)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.215.23.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748483/; classtype:trojan-activity;sid:84611583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748469)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"177.42.72.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748469/; classtype:trojan-activity;sid:84611569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748426)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"177.42.72.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748426/; classtype:trojan-activity;sid:84611526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748430)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.16.137.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748430/; classtype:trojan-activity;sid:84611530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748404)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"123.16.137.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748404/; classtype:trojan-activity;sid:84611504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748402)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.42.72.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748402/; classtype:trojan-activity;sid:84611502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748386)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.16.137.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748386/; classtype:trojan-activity;sid:84611486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748383)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.215.23.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748383/; classtype:trojan-activity;sid:84611483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748374)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.16.137.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748374/; classtype:trojan-activity;sid:84611474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748352)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.225.179.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748352/; classtype:trojan-activity;sid:84611452; rev:1;)
# From here the URI content is the bare root "/" (depth:1, nothing after it): any
# GET / to the listed address alerts. The rule sees the request only; what was
# served has to be established from another data source during triage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748325)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"103.241.42.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748325/; classtype:trojan-activity;sid:84611425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748326)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"162.215.130.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748326/; classtype:trojan-activity;sid:84611426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748307)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"178.159.11.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748307/; classtype:trojan-activity;sid:84611407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3748297)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"66.39.17.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748297/; classtype:trojan-activity;sid:84611397; rev:1;)
# Review note: every rule below matches GET "/" (depth:1 with isdataat:!1,relative,
# i.e. the URI is exactly the root) on one literal Host address. Nothing else about
# the request or the response is inspected, so an alert means "this client asked the
# listed address for its root page" and needs the payload from another data source
# to confirm. "alert http" also means the same fetch over TLS is not seen unless
# traffic is decrypted before the sensor.
#
# Duplicate signatures in this run (same URI and Host, different sid; one request
# raises two alerts):
#   199.168.184.115  sid 84611379 / 84611353
#   98.70.13.131     sid 84611380 / 84611294
#   165.73.81.241    sid 84611361 / 84611293
#   92.53.69.246     sid 84611321 / 84611323
#   54.197.245.249   sid 84611292 / 84611287
# Presumably the underlying URLhaus entries differ in something the rule does not
# encode (e.g. scheme or port) -- confirm on the references. Deduplicate on
# (Host, URI) downstream or add a local suppress/threshold entry rather than editing
# the vendor file, which is regenerated (see "Last updated" in the file header).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748302)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"178.159.11.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748302/; classtype:trojan-activity;sid:84611402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748279)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"199.168.184.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748279/; classtype:trojan-activity;sid:84611379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748280)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"98.70.13.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748280/; classtype:trojan-activity;sid:84611380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748261)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"165.73.81.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748261/; classtype:trojan-activity;sid:84611361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748263)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"49.13.228.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748263/; classtype:trojan-activity;sid:84611363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748258)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"152.42.225.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748258/; classtype:trojan-activity;sid:84611358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748249)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"198.91.87.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748249/; classtype:trojan-activity;sid:84611349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748253)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"199.168.184.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748253/; classtype:trojan-activity;sid:84611353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748243)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"118.139.167.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748243/; classtype:trojan-activity;sid:84611343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748235)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"18.176.47.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748235/; classtype:trojan-activity;sid:84611335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748225)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"92.205.227.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748225/; classtype:trojan-activity;sid:84611325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748221)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"92.53.69.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748221/; classtype:trojan-activity;sid:84611321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748222)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"202.154.5.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748222/; classtype:trojan-activity;sid:84611322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748223)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"92.53.69.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748223/; classtype:trojan-activity;sid:84611323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748204)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"5.35.124.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748204/; classtype:trojan-activity;sid:84611304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748205)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"94.130.229.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748205/; classtype:trojan-activity;sid:84611305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748200)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"144.208.73.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748200/; classtype:trojan-activity;sid:84611300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748201)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"112.220.72.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748201/; classtype:trojan-activity;sid:84611301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748192)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"54.197.245.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748192/; classtype:trojan-activity;sid:84611292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748193)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"165.73.81.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748193/; classtype:trojan-activity;sid:84611293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748194)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"98.70.13.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748194/; classtype:trojan-activity;sid:84611294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748187)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"54.197.245.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748187/; classtype:trojan-activity;sid:84611287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748189)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"5.63.157.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; 
reference:url, urlhaus.abuse.ch/url/3748189/; classtype:trojan-activity;sid:84611289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748180)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"185.80.0.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748180/; classtype:trojan-activity;sid:84611280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748176)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"198.91.87.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748176/; classtype:trojan-activity;sid:84611276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748173)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"193.57.33.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748173/; classtype:trojan-activity;sid:84611273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748166)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"103.241.42.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748166/; classtype:trojan-activity;sid:84611266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748152)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; 
nocase; content:"209.250.2.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748152/; classtype:trojan-activity;sid:84611252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748154)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"144.22.251.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748154/; classtype:trojan-activity;sid:84611254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748159)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"112.220.72.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748159/; classtype:trojan-activity;sid:84611259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748162)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"88.198.19.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748162/; classtype:trojan-activity;sid:84611262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748163)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"116.118.47.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748163/; classtype:trojan-activity;sid:84611263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748165)"; 
flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"201.182.25.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748165/; classtype:trojan-activity;sid:84611265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748137)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"209.250.2.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748137/; classtype:trojan-activity;sid:84611237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748127)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"150.95.27.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748127/; classtype:trojan-activity;sid:84611227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748131)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"173.231.196.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748131/; classtype:trojan-activity;sid:84611231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748133)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"162.215.130.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748133/; classtype:trojan-activity;sid:84611233; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748100)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"185.214.192.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748100/; classtype:trojan-activity;sid:84611200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748110)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"44.208.147.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748110/; classtype:trojan-activity;sid:84611210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748116)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"91.99.59.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748116/; classtype:trojan-activity;sid:84611216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748119)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"35.226.92.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748119/; classtype:trojan-activity;sid:84611219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748096)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"164.160.41.10"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748096/; classtype:trojan-activity;sid:84611196; rev:1;)
# Rule shape: each rule fires on an HTTP GET from $HOME_NET to $EXTERNAL_NET when the
# URI content and the Host content both match in full. depth equals the pattern length
# and isdataat:!1,relative requires that no byte follows the match, so the comparison
# is an exact-string match. The nocase after the URI options modifies the URI content
# that precedes it.
# In the rules below the URI pattern is just "/", so an alert means "root path of this
# host was requested", not that a named file was fetched; triage on the destination.
# These are "alert http" rules: they only see traffic the engine parses as HTTP, so the
# same URL fetched inside TLS is not covered unless it is decrypted upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748069)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"178.210.83.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748069/; classtype:trojan-activity;sid:84611169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748074)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"74.50.99.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748074/; classtype:trojan-activity;sid:84611174; rev:1;)
# NOTE(review): sid 84611144 and sid 84611128 have identical match conditions (GET "/"
# with Host 13.58.223.243); only the msg and reference ids differ, so a single request
# raises two alerts. Presumably the two URLhaus entries differ in a part of the URL the
# rule does not encode - confirm on the reference pages, and deduplicate on
# source/destination rather than on sid when counting events.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748044)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"13.58.223.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748044/; classtype:trojan-activity;sid:84611144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748028)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"13.58.223.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748028/; classtype:trojan-activity;sid:84611128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747725)"; flow:established,from_client; content:"GET"; http_method; 
content:"/sda1/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"58.182.146.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3747725/; classtype:trojan-activity;sid:84610825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747694)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"58.182.146.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3747694/; classtype:trojan-activity;sid:84610794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747690)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"58.182.146.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3747690/; classtype:trojan-activity;sid:84610790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747685)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"58.182.146.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3747685/; classtype:trojan-activity;sid:84610785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747686)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"58.182.146.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3747686/; 
classtype:trojan-activity;sid:84610786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747684)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"58.182.146.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3747684/; classtype:trojan-activity;sid:84610784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747141)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"175.195.26.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_31; reference:url, urlhaus.abuse.ch/url/3747141/; classtype:trojan-activity;sid:84610241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3746868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.166.57.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_12_30; reference:url, urlhaus.abuse.ch/url/3746868/; classtype:trojan-activity;sid:84609968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3746867)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"124.123.26.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_30; reference:url, urlhaus.abuse.ch/url/3746867/; classtype:trojan-activity;sid:84609967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3746316)"; flow:established,from_client; content:"GET"; http_method; content:"/sxp/i/522f8dbab717f669a06afa9122107971.js"; http_uri; depth:42; 
isdataat:!1,relative; nocase; content:"ob.youstarsbuilding.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_12_30; reference:url, urlhaus.abuse.ch/url/3746316/; classtype:trojan-activity;sid:84609416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3746314)"; flow:established,from_client; content:"GET"; http_method; content:"/sxp/i/522f8dbab717f669a06afa9122107971.js"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"euob.youstarsbuilding.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_12_30; reference:url, urlhaus.abuse.ch/url/3746314/; classtype:trojan-activity;sid:84609414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3745748)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.7.27.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_12_29; reference:url, urlhaus.abuse.ch/url/3745748/; classtype:trojan-activity;sid:84608848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3745393)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"202.56.160.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_28; reference:url, urlhaus.abuse.ch/url/3745393/; classtype:trojan-activity;sid:84608493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3745195)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"61.240.239.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_28; reference:url, urlhaus.abuse.ch/url/3745195/; 
classtype:trojan-activity;sid:84608295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3745196)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.230.216.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_28; reference:url, urlhaus.abuse.ch/url/3745196/; classtype:trojan-activity;sid:84608296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3745197)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.230.216.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_28; reference:url, urlhaus.abuse.ch/url/3745197/; classtype:trojan-activity;sid:84608297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3745192)"; flow:established,from_client; content:"GET"; http_method; content:"/20210408/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_28; reference:url, urlhaus.abuse.ch/url/3745192/; classtype:trojan-activity;sid:84608292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3745193)"; flow:established,from_client; content:"GET"; http_method; content:"/20210408/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_28; reference:url, urlhaus.abuse.ch/url/3745193/; classtype:trojan-activity;sid:84608293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3744396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"192.176.50.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_26; reference:url, urlhaus.abuse.ch/url/3744396/; classtype:trojan-activity;sid:84607496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3744388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.176.50.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_26; reference:url, urlhaus.abuse.ch/url/3744388/; classtype:trojan-activity;sid:84607488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3744164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.213.252.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_26; reference:url, urlhaus.abuse.ch/url/3744164/; classtype:trojan-activity;sid:84607264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743524)"; flow:established,from_client; content:"GET"; http_method; content:"/driver_en_msc_amd_v22.39.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"filezilla.cc"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743524/; classtype:trojan-activity;sid:84606624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743457)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"152.89.247.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743457/; classtype:trojan-activity;sid:84606557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3743405)"; flow:established,from_client; content:"GET"; http_method; content:"/sxp/i/522f8dbab717f669a06afa9122107971.js"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"euob.youstarsbuilding.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743405/; classtype:trojan-activity;sid:84606505; rev:1;)
# Rule shape: exact-match on URI and Host. depth equals the pattern length and
# isdataat:!1,relative requires that nothing follows the match; the nocase after the
# URI options modifies the URI content that precedes it.
# NOTE(review): the URI pattern in the next rule is written as percent-encoded text
# ("%e6%80%80..."). http_uri normally inspects the normalized (percent-decoded) URI, in
# which case this literal is not present in the buffer and the rule stays silent -
# verify on the deployed engine with a test request. If it does not fire, match the raw
# URI buffer (http_raw_uri) or express the decoded bytes in |hex| notation with a depth
# that equals the decoded length.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743375)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%80%80%e6%97%a7%e8%af%9b%e4%bb%99.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"202.189.11.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743375/; classtype:trojan-activity;sid:84606475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743354)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"106.54.220.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743354/; classtype:trojan-activity;sid:84606454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743323)"; flow:established,from_client; content:"GET"; http_method; content:"/files/plugins/sess1594985553/sessiontools/uvsodsae.msi"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"royalindiancurryclub.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743323/; classtype:trojan-activity;sid:84606423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743272)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.240.239.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743272/; classtype:trojan-activity;sid:84606372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743271)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.240.239.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743271/; classtype:trojan-activity;sid:84606371; rev:1;)
# NOTE(review): the same percent-encoded URI concern applies to the remaining rules in
# this block, all for Host 139.199.191.164 (sid 84606275, sid 84606273 and the rule for
# URLhaus id 3743168 that begins on the last line). Test each against the engine's
# normalized URI buffer before relying on it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743175)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%83%85%e7%bc%98%e6%80%80%e6%97%a7/%e6%83%85%e6%84%bf%e6%80%80%e6%97%a7.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"139.199.191.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743175/; classtype:trojan-activity;sid:84606275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743173)"; flow:established,from_client; content:"GET"; http_method; content:"/%e7%8c%b4%e5%ad%90/%e6%a2%a6%e5%b9%bb%e9%ad%94%e7%95%8c%e7%94%b5%e8%84%91%e7%ab%af.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"139.199.191.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743173/; classtype:trojan-activity;sid:84606273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743168)"; flow:established,from_client; content:"GET"; http_method; content:"/1/%e6%a2%a6%e5%b9%bb%e9%ad%94%e7%95%8c%e7%94%b5%e8%84%91%e7%ab%af.exe"; http_uri; depth:70; 
isdataat:!1,relative; nocase; content:"139.199.191.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743168/; classtype:trojan-activity;sid:84606268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3742020)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3742020/; classtype:trojan-activity;sid:84605120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3742013)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3742013/; classtype:trojan-activity;sid:84605113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3742007)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3742007/; classtype:trojan-activity;sid:84605107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3742005)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3742005/; classtype:trojan-activity;sid:84605105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3741991)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741991/; classtype:trojan-activity;sid:84605091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741975)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741975/; classtype:trojan-activity;sid:84605075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741976)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741976/; classtype:trojan-activity;sid:84605076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741974)"; flow:established,from_client; content:"GET"; http_method; content:"/20250101/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741974/; classtype:trojan-activity;sid:84605074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741972)"; flow:established,from_client; content:"GET"; http_method; content:"/20250101/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741972/; classtype:trojan-activity;sid:84605072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741971)"; flow:established,from_client; content:"GET"; http_method; content:"/20250101/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741971/; classtype:trojan-activity;sid:84605071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741968)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"106.54.220.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741968/; classtype:trojan-activity;sid:84605068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741966)"; flow:established,from_client; content:"GET"; http_method; content:"/20250811/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741966/; classtype:trojan-activity;sid:84605066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741967)"; flow:established,from_client; content:"GET"; http_method; content:"/20250809/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741967/; classtype:trojan-activity;sid:84605067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3741963)"; flow:established,from_client; content:"GET"; http_method; content:"/20250101/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741963/; classtype:trojan-activity;sid:84605063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741947)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.240.239.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741947/; classtype:trojan-activity;sid:84605047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741948)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.240.239.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741948/; classtype:trojan-activity;sid:84605048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741949)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.240.239.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741949/; classtype:trojan-activity;sid:84605049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741940)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.240.239.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, 
urlhaus.abuse.ch/url/3741940/; classtype:trojan-activity;sid:84605040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741658)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.174.76.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741658/; classtype:trojan-activity;sid:84604758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741660)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.174.76.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741660/; classtype:trojan-activity;sid:84604760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741636)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.174.76.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741636/; classtype:trojan-activity;sid:84604736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741637)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.174.76.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741637/; classtype:trojan-activity;sid:84604737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741638)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; 
isdataat:!1,relative; nocase; content:"107.174.76.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741638/; classtype:trojan-activity;sid:84604738; rev:1;)
# Rule shape: exact-match on URI and Host. depth equals the pattern length and
# isdataat:!1,relative requires that nothing follows the match.
# The rules below all name the same host (107.174.76.246) and differ only in a short
# URI path that reads like a CPU architecture label (arm6, i486, arc, mips).
# NOTE(review): presumably these are per-architecture builds of one payload - confirm
# on the URLhaus reference pages. For triage, group these sids by destination host and
# treat the requesting device as the asset to examine, whichever path was requested.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741639)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.174.76.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741639/; classtype:trojan-activity;sid:84604739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741641)"; flow:established,from_client; content:"GET"; http_method; content:"/i486"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.174.76.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741641/; classtype:trojan-activity;sid:84604741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741642)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.174.76.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741642/; classtype:trojan-activity;sid:84604742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741643)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.174.76.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741643/; classtype:trojan-activity;sid:84604743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3741644)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.174.76.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741644/; classtype:trojan-activity;sid:84604744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741630)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.174.76.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741630/; classtype:trojan-activity;sid:84604730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741631)"; flow:established,from_client; content:"GET"; http_method; content:"/440fp"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"107.174.76.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741631/; classtype:trojan-activity;sid:84604731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741632)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.174.76.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741632/; classtype:trojan-activity;sid:84604732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741633)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"107.174.76.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, 
urlhaus.abuse.ch/url/3741633/; classtype:trojan-activity;sid:84604733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741634)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.174.76.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741634/; classtype:trojan-activity;sid:84604734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741635)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.174.76.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741635/; classtype:trojan-activity;sid:84604735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741548)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"115.190.160.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741548/; classtype:trojan-activity;sid:84604648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.195.228.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741533/; classtype:trojan-activity;sid:84604633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"41.162.188.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741538/; classtype:trojan-activity;sid:84604638; rev:1;)
# Rule shape: exact-match on URI and Host. depth equals the pattern length and
# isdataat:!1,relative requires that nothing follows the match, so only the listed
# path on the listed host alerts. Pair these rules with host- or IP-based detection if
# other paths on the same host should also be caught.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.231.131.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741528/; classtype:trojan-activity;sid:84604628; rev:1;)
# NOTE(review): sid 84604623 and sid 84604624 have identical match conditions (GET
# "/sshd" with Host 85.187.54.142); only the msg and reference ids differ, so a single
# request raises two alerts. Presumably the two URLhaus entries differ in a part of the
# URL the rule does not encode - confirm on the reference pages, and deduplicate on
# source/destination rather than on sid when counting events.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741523)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.187.54.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741523/; classtype:trojan-activity;sid:84604623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741524)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.187.54.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741524/; classtype:trojan-activity;sid:84604624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741475)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"221.142.48.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741475/; classtype:trojan-activity;sid:84604575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3741397)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"indeanapolice.cc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741397/; classtype:trojan-activity;sid:84604497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741336)"; flow:established,from_client; content:"GET"; http_method; content:"/files/auhavkiq.msi"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"royalindiancurryclub.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741336/; classtype:trojan-activity;sid:84604436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741204)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"23.241.17.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741204/; classtype:trojan-activity;sid:84604304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741201)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.241.17.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741201/; classtype:trojan-activity;sid:84604301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741202)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.241.17.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_23; 
reference:url, urlhaus.abuse.ch/url/3741202/; classtype:trojan-activity;sid:84604302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741193)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.230.111.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741193/; classtype:trojan-activity;sid:84604293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741182)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.241.17.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741182/; classtype:trojan-activity;sid:84604282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741183)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.241.17.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741183/; classtype:trojan-activity;sid:84604283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741186)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.241.17.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741186/; classtype:trojan-activity;sid:84604286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741153)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; 
http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.230.111.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741153/; classtype:trojan-activity;sid:84604253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741109)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.230.216.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741109/; classtype:trojan-activity;sid:84604209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741086)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.230.216.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741086/; classtype:trojan-activity;sid:84604186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741068)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.230.111.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741068/; classtype:trojan-activity;sid:84604168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741049)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.230.216.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741049/; classtype:trojan-activity;sid:84604149; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741029)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"182.163.114.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741029/; classtype:trojan-activity;sid:84604129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741026)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.230.111.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741026/; classtype:trojan-activity;sid:84604126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741024)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.230.216.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741024/; classtype:trojan-activity;sid:84604124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741009)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.230.216.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741009/; classtype:trojan-activity;sid:84604109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3740979)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"152.230.111.46"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3740979/; classtype:trojan-activity;sid:84604079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3740945)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.230.111.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3740945/; classtype:trojan-activity;sid:84604045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3739840)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"171.231.131.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_22; reference:url, urlhaus.abuse.ch/url/3739840/; classtype:trojan-activity;sid:84602940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3739797)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.6.14.135"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_12_22; reference:url, urlhaus.abuse.ch/url/3739797/; classtype:trojan-activity;sid:84602897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3739005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.21.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_21; reference:url, urlhaus.abuse.ch/url/3739005/; classtype:trojan-activity;sid:84602105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3738370)"; flow:established,from_client; 
content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.59.2.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_20; reference:url, urlhaus.abuse.ch/url/3738370/; classtype:trojan-activity;sid:84601470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3738214)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"60.205.139.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_20; reference:url, urlhaus.abuse.ch/url/3738214/; classtype:trojan-activity;sid:84601314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3738191)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.220.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_20; reference:url, urlhaus.abuse.ch/url/3738191/; classtype:trojan-activity;sid:84601291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3738173)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.24.64.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_20; reference:url, urlhaus.abuse.ch/url/3738173/; classtype:trojan-activity;sid:84601273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3738164)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.81.169"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_12_20; reference:url, urlhaus.abuse.ch/url/3738164/; 
classtype:trojan-activity;sid:84601264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3738161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.86.237.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_20; reference:url, urlhaus.abuse.ch/url/3738161/; classtype:trojan-activity;sid:84601261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3737400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.249.142.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_19; reference:url, urlhaus.abuse.ch/url/3737400/; classtype:trojan-activity;sid:84600500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3737382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.249.142.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_19; reference:url, urlhaus.abuse.ch/url/3737382/; classtype:trojan-activity;sid:84600482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3736902)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/public/01/tun/tun.hta"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"innlive.in"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_19; reference:url, urlhaus.abuse.ch/url/3736902/; classtype:trojan-activity;sid:84600002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3736211)"; flow:established,from_client; content:"GET"; http_method; content:"/atom.xml"; http_uri; depth:9; isdataat:!1,relative; 
nocase; content:"hotelsep.blogspot.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_12_18; reference:url, urlhaus.abuse.ch/url/3736211/; classtype:trojan-activity;sid:84599311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3736212)"; flow:established,from_client; content:"GET"; http_method; content:"/nimper.pdf"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.backupallfresh2030.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_12_18; reference:url, urlhaus.abuse.ch/url/3736212/; classtype:trojan-activity;sid:84599312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3736098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.149.206.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_18; reference:url, urlhaus.abuse.ch/url/3736098/; classtype:trojan-activity;sid:84599198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735640)"; flow:established,from_client; content:"GET"; http_method; content:"/rv32"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735640/; classtype:trojan-activity;sid:84598740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735641)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735641/; classtype:trojan-activity;sid:84598741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3735632)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735632/; classtype:trojan-activity;sid:84598732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735633)"; flow:established,from_client; content:"GET"; http_method; content:"/gay.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735633/; classtype:trojan-activity;sid:84598733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735606)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735606/; classtype:trojan-activity;sid:84598706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735607)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735607/; classtype:trojan-activity;sid:84598707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735608)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_17; 
reference:url, urlhaus.abuse.ch/url/3735608/; classtype:trojan-activity;sid:84598708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735611)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735611/; classtype:trojan-activity;sid:84598711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735600)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735600/; classtype:trojan-activity;sid:84598700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735599)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735599/; classtype:trojan-activity;sid:84598699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735580)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735580/; classtype:trojan-activity;sid:84598680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735583)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; 
depth:4; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735583/; classtype:trojan-activity;sid:84598683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735584)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rv64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735584/; classtype:trojan-activity;sid:84598684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735590)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735590/; classtype:trojan-activity;sid:84598690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735593)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735593/; classtype:trojan-activity;sid:84598693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735594)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rv32"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735594/; classtype:trojan-activity;sid:84598694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3735572)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735572/; classtype:trojan-activity;sid:84598672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735575)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735575/; classtype:trojan-activity;sid:84598675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735578)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735578/; classtype:trojan-activity;sid:84598678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735570)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735570/; classtype:trojan-activity;sid:84598670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735566)"; flow:established,from_client; content:"GET"; http_method; content:"/rv64"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_17; 
reference:url, urlhaus.abuse.ch/url/3735566/; classtype:trojan-activity;sid:84598666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735539)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735539/; classtype:trojan-activity;sid:84598639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735540)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735540/; classtype:trojan-activity;sid:84598640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735541)"; flow:established,from_client; content:"GET"; http_method; content:"/infect.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735541/; classtype:trojan-activity;sid:84598641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735543)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735543/; classtype:trojan-activity;sid:84598643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735544)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; 
http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735544/; classtype:trojan-activity;sid:84598644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735548)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735548/; classtype:trojan-activity;sid:84598648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735550)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735550/; classtype:trojan-activity;sid:84598650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735553)"; flow:established,from_client; content:"GET"; http_method; content:"/arm64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735553/; classtype:trojan-activity;sid:84598653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735558)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"89.32.41.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735558/; classtype:trojan-activity;sid:84598658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3735382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"63.245.127.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735382/; classtype:trojan-activity;sid:84598482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.110.182.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735377/; classtype:trojan-activity;sid:84598477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.46.115.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735343/; classtype:trojan-activity;sid:84598443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.150.21.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735288/; classtype:trojan-activity;sid:84598388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735145)"; flow:established,from_client; content:"GET"; http_method; content:"/samoto/annrqsjdtjwz230.bin"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"polonyauniversiteleri.com.tr"; http_host; depth:28; isdataat:!1,relative; 
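metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735145/; classtype:trojan-activity;sid:84598245; rev:1;)
# Each rule fires on an outbound GET whose URI and Host buffers both equal the listed strings
# (depth:<pattern length> anchors the start, isdataat:!1,relative anchors the end).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735144)"; flow:established,from_client; content:"GET"; http_method; content:"/samoto/juveltwr.lpk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"polonyauniversiteleri.com.tr"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735144/; classtype:trojan-activity;sid:84598244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3734705)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.198.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_16; reference:url, urlhaus.abuse.ch/url/3734705/; classtype:trojan-activity;sid:84597805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3734700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.6.196.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_16; reference:url, urlhaus.abuse.ch/url/3734700/; classtype:trojan-activity;sid:84597774_PLACEHOLDER_REMOVED; rev:1;)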
malware download URL detected (3733913)"; flow:established,from_client; content:"GET"; http_method; content:"/usr/uploads/file/202002/20200210195059_78353.rar"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"zhigao5191.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_15; reference:url, urlhaus.abuse.ch/url/3733913/; classtype:trojan-activity;sid:84597013; rev:1;)
# NOTE(review): `alert http` only sees requests the sensor can parse as HTTP, i.e. cleartext traffic
# or traffic decrypted by a TLS-inspecting proxy in front of it. github.com normally redirects to
# HTTPS, so expect sid 84596919 to fire only on an initial http:// request or behind TLS inspection.
# The Host match alone is not an indicator: the exact-length URI match is what ties the alert to
# the reported file -- confirm sensor placement before relying on this rule for coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3733819)"; flow:established,from_client; content:"GET"; http_method; content:"/liljaber/am/raw/refs/heads/main/shellhost.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_15; reference:url, urlhaus.abuse.ch/url/3733819/; classtype:trojan-activity;sid:84596919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3733127)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/psbbmyya.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"hqweb.id.vn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_12_13; reference:url, urlhaus.abuse.ch/url/3733127/; classtype:trojan-activity;sid:84596227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3733042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"129.0.120.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_13; reference:url, urlhaus.abuse.ch/url/3733042/; classtype:trojan-activity;sid:84596142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3733040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.68.214.187"; 
http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_13; reference:url, urlhaus.abuse.ch/url/3733040/; classtype:trojan-activity;sid:84596140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3732943)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/139assicc.dll"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"192.140.189.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_13; reference:url, urlhaus.abuse.ch/url/3732943/; classtype:trojan-activity;sid:84596043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3732383)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"124.123.26.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_12; reference:url, urlhaus.abuse.ch/url/3732383/; classtype:trojan-activity;sid:84595483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3732378)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.39.215.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_12; reference:url, urlhaus.abuse.ch/url/3732378/; classtype:trojan-activity;sid:84595478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3732316)"; flow:established,from_client; content:"GET"; http_method; content:"/jyso-1.3.6.jar"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.165.81.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_12; reference:url, urlhaus.abuse.ch/url/3732316/; classtype:trojan-activity;sid:84595416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3732133)"; flow:established,from_client; content:"GET"; http_method; content:"/eathena/tools/bymyzter/eabackup.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"paradox924x.pages.dev"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_12_12; reference:url, urlhaus.abuse.ch/url/3732133/; classtype:trojan-activity;sid:84595233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3732129)"; flow:established,from_client; content:"GET"; http_method; content:"/eathena/tools/bybakausagi/spr_conview_v0.11.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"paradox924x.pages.dev"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_12_12; reference:url, urlhaus.abuse.ch/url/3732129/; classtype:trojan-activity;sid:84595229; rev:1;)
# NOTE(review): the next three rules share one http_host, 103.165.81.230,
# and their URIs (/jndiexploit-1.4-snapshot.jar, /traitor, /linpeas) read
# like names of publicly known exploitation and privilege-escalation tools
# rather than a single payload -- inferred from the names only. A hit from a
# server segment presumably means tooling is being staged on an already
# reached host: triage the source host, not just the download.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3732121)"; flow:established,from_client; content:"GET"; http_method; content:"/jndiexploit-1.4-snapshot.jar"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"103.165.81.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_12; reference:url, urlhaus.abuse.ch/url/3732121/; classtype:trojan-activity;sid:84595221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3732110)"; flow:established,from_client; content:"GET"; http_method; content:"/traitor"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.165.81.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_12; reference:url, urlhaus.abuse.ch/url/3732110/; classtype:trojan-activity;sid:84595210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3732108)"; flow:established,from_client; content:"GET"; http_method; content:"/linpeas"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.165.81.230"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_12; reference:url, urlhaus.abuse.ch/url/3732108/; classtype:trojan-activity;sid:84595208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3732098)"; flow:established,from_client; content:"GET"; http_method; content:"/exp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.165.81.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_12; reference:url, urlhaus.abuse.ch/url/3732098/; classtype:trojan-activity;sid:84595198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3732097)"; flow:established,from_client; content:"GET"; http_method; content:"/csrss.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.165.81.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_12; reference:url, urlhaus.abuse.ch/url/3732097/; classtype:trojan-activity;sid:84595197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731630)"; flow:established,from_client; content:"GET"; http_method; content:"/modelo/cr.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"joyeriatauro.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_12_11; reference:url, urlhaus.abuse.ch/url/3731630/; classtype:trojan-activity;sid:84594730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731351)"; flow:established,from_client; content:"GET"; http_method; content:"/modelo/v1d.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"joyeriatauro.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_12_11; reference:url, urlhaus.abuse.ch/url/3731351/; classtype:trojan-activity;sid:84594451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3731347)"; flow:established,from_client; content:"GET"; http_method; content:"/modelo/c1i.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"joyeriatauro.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_12_11; reference:url, urlhaus.abuse.ch/url/3731347/; classtype:trojan-activity;sid:84594447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731299)"; flow:established,from_client; content:"GET"; http_method; content:"/molo243r/fivem-weather-control/main/pneumonorrhagia/fivem-weather-control.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731299/; classtype:trojan-activity;sid:84594399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731286)"; flow:established,from_client; content:"GET"; http_method; content:"/nalleysh/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731286/; classtype:trojan-activity;sid:84594386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731287)"; flow:established,from_client; content:"GET"; http_method; content:"/el1nns/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731287/; classtype:trojan-activity;sid:84594387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731283)"; flow:established,from_client; content:"GET"; 
http_method; content:"/d3xxth/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731283/; classtype:trojan-activity;sid:84594383; rev:1;)
# NOTE(review): this rule and its neighbours are `alert http` rules whose
# http_host content is "github.com". They can only match when the sensor
# parses the request as HTTP, i.e. cleartext or already-decrypted traffic.
# If clients reach this host over TLS and the sensor has no decryption in
# front of it, expect no alerts from these sids; cover the same URLs from
# proxy logs that record the full URL -- TODO confirm sensor placement.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731275)"; flow:established,from_client; content:"GET"; http_method; content:"/creyty1h/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731275/; classtype:trojan-activity;sid:84594375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731271)"; flow:established,from_client; content:"GET"; http_method; content:"/v1llenth/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731271/; classtype:trojan-activity;sid:84594371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731257)"; flow:established,from_client; content:"GET"; http_method; content:"/rayn1e/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731257/; classtype:trojan-activity;sid:84594357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731244)"; flow:established,from_client; content:"GET"; http_method; 
content:"/colleshake/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731244/; classtype:trojan-activity;sid:84594344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731243)"; flow:established,from_client; content:"GET"; http_method; content:"/arcellys/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731243/; classtype:trojan-activity;sid:84594343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731242)"; flow:established,from_client; content:"GET"; http_method; content:"/n1elcery/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731242/; classtype:trojan-activity;sid:84594342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731239)"; flow:established,from_client; content:"GET"; http_method; content:"/recctan1o/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731239/; classtype:trojan-activity;sid:84594339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731238)"; flow:established,from_client; content:"GET"; http_method; content:"/kesslyy27/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; http_uri; 
depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731238/; classtype:trojan-activity;sid:84594338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731232)"; flow:established,from_client; content:"GET"; http_method; content:"/ssten1/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731232/; classtype:trojan-activity;sid:84594332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731096)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"114.242.100.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731096/; classtype:trojan-activity;sid:84594196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730787)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.187.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730787/; classtype:trojan-activity;sid:84593887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730785)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.187.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730785/; 
classtype:trojan-activity;sid:84593885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730754)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.187.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730754/; classtype:trojan-activity;sid:84593854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730727)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.187.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730727/; classtype:trojan-activity;sid:84593827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730681)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.187.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730681/; classtype:trojan-activity;sid:84593781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730669)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.187.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730669/; classtype:trojan-activity;sid:84593769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730651)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; 
isdataat:!1,relative; nocase; content:"203.187.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730651/; classtype:trojan-activity;sid:84593751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730605)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_122124_mahal-node2/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730605/; classtype:trojan-activity;sid:84593705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730310)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/config.json"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"acaviationsupplies.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730310/; classtype:trojan-activity;sid:84593410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730311)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xi3twfy4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730311/; classtype:trojan-activity;sid:84593411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3729861)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"180.76.141.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_09; reference:url, urlhaus.abuse.ch/url/3729861/; 
classtype:trojan-activity;sid:84592961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3729678)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.247.226.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_09; reference:url, urlhaus.abuse.ch/url/3729678/; classtype:trojan-activity;sid:84592778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3729467)"; flow:established,from_client; content:"GET"; http_method; content:"/loader.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"62.60.226.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_08; reference:url, urlhaus.abuse.ch/url/3729467/; classtype:trojan-activity;sid:84592567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3729416)"; flow:established,from_client; content:"GET"; http_method; content:"/js/panel/uploads/optimized_msi.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"bvaco.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_12_08; reference:url, urlhaus.abuse.ch/url/3729416/; classtype:trojan-activity;sid:84592516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3729323)"; flow:established,from_client; content:"GET"; http_method; content:"/readme.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"192.3.27.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_08; reference:url, urlhaus.abuse.ch/url/3729323/; classtype:trojan-activity;sid:84592423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3729248)"; flow:established,from_client; content:"GET"; http_method; content:"/static/clean/clean.apk"; 
http_uri; depth:23; isdataat:!1,relative; nocase; content:"static.youdm.cn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_08; reference:url, urlhaus.abuse.ch/url/3729248/; classtype:trojan-activity;sid:84592348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3729188)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.89.95.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_12_08; reference:url, urlhaus.abuse.ch/url/3729188/; classtype:trojan-activity;sid:84592288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3729170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.149.206.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_08; reference:url, urlhaus.abuse.ch/url/3729170/; classtype:trojan-activity;sid:84592270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3728954)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.7.149.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_07; reference:url, urlhaus.abuse.ch/url/3728954/; classtype:trojan-activity;sid:84592054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3727342)"; flow:established,from_client; content:"GET"; http_method; content:"/01.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.32.169.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_06; reference:url, urlhaus.abuse.ch/url/3727342/; classtype:trojan-activity;sid:84590442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3727327)"; flow:established,from_client; content:"GET"; http_method; content:"/sex.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"68.178.168.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_06; reference:url, urlhaus.abuse.ch/url/3727327/; classtype:trojan-activity;sid:84590427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3726789)"; flow:established,from_client; content:"GET"; http_method; content:"/test"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.11.240.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_06; reference:url, urlhaus.abuse.ch/url/3726789/; classtype:trojan-activity;sid:84589889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3726005)"; flow:established,from_client; content:"GET"; http_method; content:"/receipt_11_26_2025.msi"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"alineeleuterio.com.br"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_12_05; reference:url, urlhaus.abuse.ch/url/3726005/; classtype:trojan-activity;sid:84589105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3725201)"; flow:established,from_client; content:"GET"; http_method; content:"/file/redmi%20ax3000/%e8%b7%af%e7%94%b1%e5%99%a8%e4%bf%ae%e5%a4%8d%e5%b7%a5%e5%85%b7/miwifirepairtool.x86.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"hzxcaq-github-io.pages.dev"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3725201/; classtype:trojan-activity;sid:84588301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3725129)"; flow:established,from_client; content:"GET"; http_method; 
content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"115.190.161.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3725129/; classtype:trojan-activity;sid:84588229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3725126)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.149.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3725126/; classtype:trojan-activity;sid:84588226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3725097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.219.38.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3725097/; classtype:trojan-activity;sid:84588197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3725003)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.150.186.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3725003/; classtype:trojan-activity;sid:84588103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724903)"; flow:established,from_client; content:"GET"; http_method; content:"/zoom/windows/download.php"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"id3basketball.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3724903/; 
classtype:trojan-activity;sid:84588003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724888)"; flow:established,from_client; content:"GET"; http_method; content:"/gretech/promotion_sw/gomplayer/fastping_silent_v4.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"cdn.gomlab.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3724888/; classtype:trojan-activity;sid:84587988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/linux/linux.tar.gz"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"miner.pages.dev"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3724884/; classtype:trojan-activity;sid:84587984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win/miner.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"miner.pages.dev"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3724883/; classtype:trojan-activity;sid:84587983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724319)"; flow:established,from_client; content:"GET"; http_method; content:"/files/mouse-jiggler/mousejiggler_2.1.0.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"lon-01.dlo4d.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_12_03; reference:url, urlhaus.abuse.ch/url/3724319/; classtype:trojan-activity;sid:84587419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724235)"; 
flow:established,from_client; content:"GET"; http_method; content:"/fecund.lpk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.mobimpex.ro"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_03; reference:url, urlhaus.abuse.ch/url/3724235/; classtype:trojan-activity;sid:84587335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724236)"; flow:established,from_client; content:"GET"; http_method; content:"/hrcxpywfcshe8.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.mobimpex.ro"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_03; reference:url, urlhaus.abuse.ch/url/3724236/; classtype:trojan-activity;sid:84587336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724034)"; flow:established,from_client; content:"GET"; http_method; content:"/res/keditor/2019_11/3c7a829a_893c_4f02_a407_6b0918c321c2.rar"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"en.taichuan.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_03; reference:url, urlhaus.abuse.ch/url/3724034/; classtype:trojan-activity;sid:84587134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724008)"; flow:established,from_client; content:"GET"; http_method; content:"/krnl.lua.script.injector.v1.3.4.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"injectroblox.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_03; reference:url, urlhaus.abuse.ch/url/3724008/; classtype:trojan-activity;sid:84587108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3723880)"; flow:established,from_client; content:"GET"; http_method; content:"/microsoftbs.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"120.48.115.29"; http_host; 
depth:13; isdataat:!1,relative; metadata:created_at 2025_12_03; reference:url, urlhaus.abuse.ch/url/3723880/; classtype:trojan-activity;sid:84586980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3723069)"; flow:established,from_client; content:"GET"; http_method; content:"/4.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"62.60.226.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_02; reference:url, urlhaus.abuse.ch/url/3723069/; classtype:trojan-activity;sid:84586169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722910)"; flow:established,from_client; content:"GET"; http_method; content:"/~wwsync/sync.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"162.240.179.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_02; reference:url, urlhaus.abuse.ch/url/3722910/; classtype:trojan-activity;sid:84586010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722911)"; flow:established,from_client; content:"GET"; http_method; content:"/~wwsync/sync.arm4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"162.240.179.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_02; reference:url, urlhaus.abuse.ch/url/3722911/; classtype:trojan-activity;sid:84586011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722913)"; flow:established,from_client; content:"GET"; http_method; content:"/fent.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.95.248.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_02; reference:url, urlhaus.abuse.ch/url/3722913/; classtype:trojan-activity;sid:84586013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3722915)"; flow:established,from_client; content:"GET"; http_method; content:"/fent.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.95.248.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_02; reference:url, urlhaus.abuse.ch/url/3722915/; classtype:trojan-activity;sid:84586015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722894)"; flow:established,from_client; content:"GET"; http_method; content:"/~wwsync/gang.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"162.240.179.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_02; reference:url, urlhaus.abuse.ch/url/3722894/; classtype:trojan-activity;sid:84585994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722895)"; flow:established,from_client; content:"GET"; http_method; content:"/~wwsync/sync.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"162.240.179.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_02; reference:url, urlhaus.abuse.ch/url/3722895/; classtype:trojan-activity;sid:84585995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722898)"; flow:established,from_client; content:"GET"; http_method; content:"/~wwsync/sync.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"162.240.179.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_02; reference:url, urlhaus.abuse.ch/url/3722898/; classtype:trojan-activity;sid:84585998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722899)"; flow:established,from_client; content:"GET"; http_method; content:"/~wwsync/sync.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"162.240.179.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 
2025_12_02; reference:url, urlhaus.abuse.ch/url/3722899/; classtype:trojan-activity;sid:84585999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722902)"; flow:established,from_client; content:"GET"; http_method; content:"/~wwsync/sync.mipsel"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"162.240.179.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_02; reference:url, urlhaus.abuse.ch/url/3722902/; classtype:trojan-activity;sid:84586002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722903)"; flow:established,from_client; content:"GET"; http_method; content:"/~wwsync/gang.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"162.240.179.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_02; reference:url, urlhaus.abuse.ch/url/3722903/; classtype:trojan-activity;sid:84586003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722793)"; flow:established,from_client; content:"GET"; http_method; content:"/~wwsync/gang.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"162.240.179.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_02; reference:url, urlhaus.abuse.ch/url/3722793/; classtype:trojan-activity;sid:84585893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722784)"; flow:established,from_client; content:"GET"; http_method; content:"/~wwsync/gang.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"162.240.179.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_02; reference:url, urlhaus.abuse.ch/url/3722784/; classtype:trojan-activity;sid:84585884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722785)"; 
flow:established,from_client; content:"GET"; http_method; content:"/~wwsync/sync.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"162.240.179.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_02; reference:url, urlhaus.abuse.ch/url/3722785/; classtype:trojan-activity;sid:84585885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722786)"; flow:established,from_client; content:"GET"; http_method; content:"/~wwsync/sync.mipsel"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"162.240.179.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_02; reference:url, urlhaus.abuse.ch/url/3722786/; classtype:trojan-activity;sid:84585886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722788)"; flow:established,from_client; content:"GET"; http_method; content:"/~wwsync/sync.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"162.240.179.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_02; reference:url, urlhaus.abuse.ch/url/3722788/; classtype:trojan-activity;sid:84585888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722789)"; flow:established,from_client; content:"GET"; http_method; content:"/~wwsync/sync.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"162.240.179.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_02; reference:url, urlhaus.abuse.ch/url/3722789/; classtype:trojan-activity;sid:84585889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722791)"; flow:established,from_client; content:"GET"; http_method; content:"/~wwsync/sync.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"162.240.179.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 
2025_12_02; reference:url, urlhaus.abuse.ch/url/3722791/; classtype:trojan-activity;sid:84585891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722792)"; flow:established,from_client; content:"GET"; http_method; content:"/~wwsync/sync.arm4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"162.240.179.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_02; reference:url, urlhaus.abuse.ch/url/3722792/; classtype:trojan-activity;sid:84585892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722401)"; flow:established,from_client; content:"GET"; http_method; content:"/3.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"62.60.226.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_01; reference:url, urlhaus.abuse.ch/url/3722401/; classtype:trojan-activity;sid:84585501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.219.58.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_01; reference:url, urlhaus.abuse.ch/url/3722385/; classtype:trojan-activity;sid:84585485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.154.141.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_01; reference:url, urlhaus.abuse.ch/url/3722386/; classtype:trojan-activity;sid:84585486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722157)"; flow:established,from_client; content:"GET"; http_method; 
content:"/file.ext"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"179.43.189.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_01; reference:url, urlhaus.abuse.ch/url/3722157/; classtype:trojan-activity;sid:84585257; rev:1;)
# How to read the rules below: every rule fires on an outbound (from_client, $HOME_NET -> $EXTERNAL_NET)
# GET request. Both content matches are anchored exactly: depth equals the content length and
# isdataat:!1,relative requires that no byte follows the match, so the URI buffer and the Host buffer
# must equal the listed strings (nocase applies to the URI content only). Any extra bytes in the URI
# buffer mean the rule does not match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722074)"; flow:established,from_client; content:"GET"; http_method; content:"/~wwsync/x.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"162.240.179.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_01; reference:url, urlhaus.abuse.ch/url/3722074/; classtype:trojan-activity;sid:84585174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722069)"; flow:established,from_client; content:"GET"; http_method; content:"/app/top8bet.apk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"top8onlinegame.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_12_01; reference:url, urlhaus.abuse.ch/url/3722069/; classtype:trojan-activity;sid:84585169; rev:1;)
# NOTE(review): duplicate matches. sid:84585166 and sid:84584774 both match /~wwsync/sync.arm5 on
# 162.240.179.212, and sid:84585164 and sid:84584776 both match /~wwsync/sync.arm7 on the same host;
# within each pair only the URLhaus id, created_at and sid differ, so one request raises two alerts.
# The rules carry no scheme or port, so presumably two distinct URLhaus entries collapsed into the
# same match - verify against the referenced entries. Group alerts on URI + host when counting
# events instead of treating each sid as a separate detection.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722066)"; flow:established,from_client; content:"GET"; http_method; content:"/~wwsync/sync.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"162.240.179.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_01; reference:url, urlhaus.abuse.ch/url/3722066/; classtype:trojan-activity;sid:84585166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722064)"; flow:established,from_client; content:"GET"; http_method; content:"/~wwsync/sync.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"162.240.179.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_01; reference:url, urlhaus.abuse.ch/url/3722064/; classtype:trojan-activity;sid:84585164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3721676)"; flow:established,from_client; content:"GET"; http_method; content:"/~wwsync/sync.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"162.240.179.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_30; reference:url, urlhaus.abuse.ch/url/3721676/; classtype:trojan-activity;sid:84584776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3721674)"; flow:established,from_client; content:"GET"; http_method; content:"/~wwsync/sync.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"162.240.179.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_30; reference:url, urlhaus.abuse.ch/url/3721674/; classtype:trojan-activity;sid:84584774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3721649)"; flow:established,from_client; content:"GET"; http_method; content:"/2.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"62.60.226.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_30; reference:url, urlhaus.abuse.ch/url/3721649/; classtype:trojan-activity;sid:84584749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3721528)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"62.60.226.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_30; reference:url, urlhaus.abuse.ch/url/3721528/; classtype:trojan-activity;sid:84584628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3721465)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; 
isdataat:!1,relative; nocase; content:"72.201.150.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_30; reference:url, urlhaus.abuse.ch/url/3721465/; classtype:trojan-activity;sid:84584565; rev:1;)
# NOTE(review): the URI patterns in the next three rules are written as percent-escapes (%e4%ba...)
# but are matched with http_uri, the normalized URI buffer. If the sensor decodes %XX sequences
# while normalizing, the literal escape text is not in that buffer and these rules cannot fire -
# confirm on your engine and version. Matching the raw request URI (http_raw_uri) or expressing
# the bytes in hex content form (|e4 ba ...|) are the alternatives to test. nocase does cover the
# hex digits of the escapes, so upper- or lower-case escapes are treated alike.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3721055)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a7%e5%93%81%e8%b5%84%e6%96%99%e5%8c%85/%e6%99%ae%e9%80%9a%e5%9e%8b%e4%ba%a7%e5%93%81%e8%b5%84%e6%96%99%e5%8c%85/485%e5%9e%8b%e8%ae%be%e5%a4%87%e8%b5%84%e6%96%99%e5%8c%85.rar"; http_uri; depth:181; isdataat:!1,relative; nocase; content:"save.jnrsmcu.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_30; reference:url, urlhaus.abuse.ch/url/3721055/; classtype:trojan-activity;sid:84584155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3721054)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%85%84%e5%bc%9f%e4%bc%a0%e5%a5%87%e3%80%90%e5%a4%8d%e5%8f%a4%e3%80%91.rar"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"xdcq3.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_11_30; reference:url, urlhaus.abuse.ch/url/3721054/; classtype:trojan-activity;sid:84584154; rev:1;)
# NOTE(review): the content string of the next rule contains the marker "...~311~...", which looks
# like an elision made when this copy of the ruleset was produced rather than part of the URL -
# verify. If so, the pattern shown here is not the one published with depth:305 and the rule must
# not be loaded from this copy; take it from the upstream URLhaus ruleset instead.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3721052)"; flow:established,from_client; content:"GET"; http_method; content:"/download/%e5%a5%87%e5%a6%99%e5%8a%a0%e9%80%9f%e5%99%a8_2_10004379.exe/%c3%a5%c2%a5%c2%87%c3%a5%c2%a6%c2%99%c3%a5%c2%8a%c2%a0%c3%a9%c2%80%c2%9f%c3%a5%c2%99%c2%a8_2_10004379.exe/%c3%83%c2%a5%c3%82%c2%a5%c3%82%c2%87%c3%83%c2%a5%c3%82%c2%a6%c3%82%c2%99%c3%83%25...~311~...%ef%bf%bd%c3%82%c2%a8_2_10004379.exe"; http_uri; depth:305; isdataat:!1,relative; nocase; content:"pvsa.gxfugy.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_30; reference:url, 
urlhaus.abuse.ch/url/3721052/; classtype:trojan-activity;sid:84584152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3721049)"; flow:established,from_client; content:"GET"; http_method; content:"/y-cruncher-downloads/y-cruncher%20v0.8.7.9547.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"cdn.numberworld.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_30; reference:url, urlhaus.abuse.ch/url/3721049/; classtype:trojan-activity;sid:84584149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3721004)"; flow:established,from_client; content:"GET"; http_method; content:"/avahi_daemon"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"194.26.141.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_30; reference:url, urlhaus.abuse.ch/url/3721004/; classtype:trojan-activity;sid:84584104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.247.226.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720478/; classtype:trojan-activity;sid:84583578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720427)"; flow:established,from_client; content:"GET"; http_method; content:"/np08w10.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ndown2.ra2ol.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720427/; classtype:trojan-activity;sid:84583527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720424)"; flow:established,from_client; 
content:"GET"; http_method; content:"/aplikasi/kingbet189.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"sabungkingbet189.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720424/; classtype:trojan-activity;sid:84583524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720416)"; flow:established,from_client; content:"GET"; http_method; content:"/payment_receipt_11_28_2025.msi"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"vizyonuniversitesi.com.tr"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720416/; classtype:trojan-activity;sid:84583516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720403)"; flow:established,from_client; content:"GET"; http_method; content:"/gmssetupx86.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185-55-196-13.cprapid.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720403/; classtype:trojan-activity;sid:84583503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720339)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720339/; classtype:trojan-activity;sid:84583439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720337)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720337/; classtype:trojan-activity;sid:84583437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720335)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720335/; classtype:trojan-activity;sid:84583435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720332)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720332/; classtype:trojan-activity;sid:84583432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720334)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720334/; classtype:trojan-activity;sid:84583434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720327)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720327/; classtype:trojan-activity;sid:84583427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720042)"; 
flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.0.222.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720042/; classtype:trojan-activity;sid:84583142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720037)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.0.222.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720037/; classtype:trojan-activity;sid:84583137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3719973)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.0.222.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3719973/; classtype:trojan-activity;sid:84583073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3719448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.10.237.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3719448/; classtype:trojan-activity;sid:84582548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3719390)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/accountbind.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.205.253.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, 
urlhaus.abuse.ch/url/3719390/; classtype:trojan-activity;sid:84582490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3718861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.228.74.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_28; reference:url, urlhaus.abuse.ch/url/3718861/; classtype:trojan-activity;sid:84581961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3718856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.141.249.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_28; reference:url, urlhaus.abuse.ch/url/3718856/; classtype:trojan-activity;sid:84581956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3718859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.6.14.135"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_28; reference:url, urlhaus.abuse.ch/url/3718859/; classtype:trojan-activity;sid:84581959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3718843)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.66.224.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_28; reference:url, urlhaus.abuse.ch/url/3718843/; classtype:trojan-activity;sid:84581943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3718114)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; 
nocase; content:"47.86.33.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_27; reference:url, urlhaus.abuse.ch/url/3718114/; classtype:trojan-activity;sid:84581214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3717880)"; flow:established,from_client; content:"GET"; http_method; content:"/newwfs/support/customfont.apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"upaicdn.xinmei365.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_27; reference:url, urlhaus.abuse.ch/url/3717880/; classtype:trojan-activity;sid:84580980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3717878)"; flow:established,from_client; content:"GET"; http_method; content:"/ai.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"onlineappdownload.507.net.cn"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_11_27; reference:url, urlhaus.abuse.ch/url/3717878/; classtype:trojan-activity;sid:84580978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3717867)"; flow:established,from_client; content:"GET"; http_method; content:"/download/adan/utils/mudtime.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"paccbet.pages.dev"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_27; reference:url, urlhaus.abuse.ch/url/3717867/; classtype:trojan-activity;sid:84580967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3717692)"; flow:established,from_client; content:"GET"; http_method; content:"/safe/setup_smart.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"dl.ijinshan.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_27; reference:url, urlhaus.abuse.ch/url/3717692/; classtype:trojan-activity;sid:84580792; 
rev:1;)
# Each rule below matches one exact download URL: method GET, a URI buffer equal to the listed path
# (depth = content length, isdataat:!1,relative = nothing may follow; nocase on the URI only) and a
# Host buffer equal to the listed name or address. classtype is trojan-activity for every entry,
# whatever the payload; the reference URL points to the URLhaus entry that justifies the listing.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3717319)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.201.74.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_26; reference:url, urlhaus.abuse.ch/url/3717319/; classtype:trojan-activity;sid:84580419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3717293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.89.131.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_26; reference:url, urlhaus.abuse.ch/url/3717293/; classtype:trojan-activity;sid:84580393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3717290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.185.171.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_26; reference:url, urlhaus.abuse.ch/url/3717290/; classtype:trojan-activity;sid:84580390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3717261)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"108.176.149.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_26; reference:url, urlhaus.abuse.ch/url/3717261/; classtype:trojan-activity;sid:84580361; rev:1;)
# NOTE(review): the next two rules key on Host "github.com". An `alert http` rule only sees
# requests the sensor can parse as HTTP; github.com is normally reached over HTTPS, so without TLS
# decryption in front of the sensor these two rules are expected to stay silent - confirm for your
# deployment. Cover such URLs with proxy or endpoint download telemetry as well, and do not read
# the absence of an alert as the absence of the download.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3716961)"; flow:established,from_client; content:"GET"; http_method; content:"/krzysztofadamczewski/nanocore-rat/raw/refs/heads/master/nanocore_portable.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_26; reference:url, urlhaus.abuse.ch/url/3716961/; classtype:trojan-activity;sid:84580061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3716962)"; flow:established,from_client; content:"GET"; http_method; content:"/pafh99/nanocore-rat-2/raw/refs/heads/master/nanocore_portable.exe"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_26; reference:url, urlhaus.abuse.ch/url/3716962/; classtype:trojan-activity;sid:84580062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3716696)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/stayslot168.apk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"cloudstay168.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_25; reference:url, urlhaus.abuse.ch/url/3716696/; classtype:trojan-activity;sid:84579796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3716302)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2016/06/avamarconsolemultiple-windows-x86_64-7.2.1-32.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"avbackup.acionline.de"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_25; reference:url, urlhaus.abuse.ch/url/3716302/; classtype:trojan-activity;sid:84579402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3716299)"; flow:established,from_client; content:"GET"; http_method; content:"/clientbin/dowonline.installer.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"dowonline.ru"; http_host; depth:12; isdataat:!1,relative; 
metadata:created_at 2025_11_25; reference:url, urlhaus.abuse.ch/url/3716299/; classtype:trojan-activity;sid:84579399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3716290)"; flow:established,from_client; content:"GET"; http_method; content:"/baixar/suporte%20winxp-7-8.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"compuserviceonline.com.br"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_25; reference:url, urlhaus.abuse.ch/url/3716290/; classtype:trojan-activity;sid:84579390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3716195)"; flow:established,from_client; content:"GET"; http_method; content:"/application/workspace/15/15d4031688cbb71def72a06cf15d7fa1/installer_%e6%99%ba%e8%83%bd%e7%bf%bb%e8%af%91%e5%ae%98_r1.7.9.exe"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"download2.huduntech.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_25; reference:url, urlhaus.abuse.ch/url/3716195/; classtype:trojan-activity;sid:84579295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715638)"; flow:established,from_client; content:"GET"; http_method; content:"/37/cqsj/official/37cqsj.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"d.wanyouxi7.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_24; reference:url, urlhaus.abuse.ch/url/3715638/; classtype:trojan-activity;sid:84578738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715637)"; flow:established,from_client; content:"GET"; http_method; content:"/nssm-2.24.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"localtonet.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_24; reference:url, urlhaus.abuse.ch/url/3715637/; 
classtype:trojan-activity;sid:84578737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715587)"; flow:established,from_client; content:"GET"; http_method; content:"/elc/filesave/setupfile/edmslaunchersetup.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"lcportal.kbinsure.co.kr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_24; reference:url, urlhaus.abuse.ch/url/3715587/; classtype:trojan-activity;sid:84578687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715579)"; flow:established,from_client; content:"GET"; http_method; content:"/dropfix"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cdn.novoline.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_24; reference:url, urlhaus.abuse.ch/url/3715579/; classtype:trojan-activity;sid:84578679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715175)"; flow:established,from_client; content:"GET"; http_method; content:"/fo-wsftp605.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"landonirwin.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_23; reference:url, urlhaus.abuse.ch/url/3715175/; classtype:trojan-activity;sid:84578275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715034)"; flow:established,from_client; content:"GET"; http_method; content:"/windowscrackerdll.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"modulowinapp.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_23; reference:url, urlhaus.abuse.ch/url/3715034/; classtype:trojan-activity;sid:84578134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715035)"; flow:established,from_client; content:"GET"; 
http_method; content:"/update2.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"modulowinapp.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_23; reference:url, urlhaus.abuse.ch/url/3715035/; classtype:trojan-activity;sid:84578135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715036)"; flow:established,from_client; content:"GET"; http_method; content:"/strdup.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"modulowinapp.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_23; reference:url, urlhaus.abuse.ch/url/3715036/; classtype:trojan-activity;sid:84578136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715037)"; flow:established,from_client; content:"GET"; http_method; content:"/winapploader.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"modulowinapp.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_23; reference:url, urlhaus.abuse.ch/url/3715037/; classtype:trojan-activity;sid:84578137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715039)"; flow:established,from_client; content:"GET"; http_method; content:"/strdup1.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"modulowinapp.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_23; reference:url, urlhaus.abuse.ch/url/3715039/; classtype:trojan-activity;sid:84578139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715029)"; flow:established,from_client; content:"GET"; http_method; content:"/sysinittask.xml"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"modulowinapp.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_23; reference:url, urlhaus.abuse.ch/url/3715029/; 
classtype:trojan-activity;sid:84578129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715026)"; flow:established,from_client; content:"GET"; http_method; content:"/all.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"modulowinapp.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_23; reference:url, urlhaus.abuse.ch/url/3715026/; classtype:trojan-activity;sid:84578126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715023)"; flow:established,from_client; content:"GET"; http_method; content:"/1001b.xml"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"modulowinapp.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_23; reference:url, urlhaus.abuse.ch/url/3715023/; classtype:trojan-activity;sid:84578123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715012)"; flow:established,from_client; content:"GET"; http_method; content:"/pythonw.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"modulowinapp.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_23; reference:url, urlhaus.abuse.ch/url/3715012/; classtype:trojan-activity;sid:84578112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715011)"; flow:established,from_client; content:"GET"; http_method; content:"/pop.xml"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"modulowinapp.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_23; reference:url, urlhaus.abuse.ch/url/3715011/; classtype:trojan-activity;sid:84578111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715008)"; flow:established,from_client; content:"GET"; http_method; content:"/bc.zip"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"modulowinapp.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_23; reference:url, urlhaus.abuse.ch/url/3715008/; classtype:trojan-activity;sid:84578108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3714981)"; flow:established,from_client; content:"GET"; http_method; content:"/app22.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"modulowinapp.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_23; reference:url, urlhaus.abuse.ch/url/3714981/; classtype:trojan-activity;sid:84578081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3714987)"; flow:established,from_client; content:"GET"; http_method; content:"/navegadorexclusivobradesco.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"modulowinapp.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_23; reference:url, urlhaus.abuse.ch/url/3714987/; classtype:trojan-activity;sid:84578087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3714988)"; flow:established,from_client; content:"GET"; http_method; content:"/app3.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"modulowinapp.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_23; reference:url, urlhaus.abuse.ch/url/3714988/; classtype:trojan-activity;sid:84578088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3714991)"; flow:established,from_client; content:"GET"; http_method; content:"/navegadorexclusivo.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"modulowinapp.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_23; reference:url, urlhaus.abuse.ch/url/3714991/; classtype:trojan-activity;sid:84578091; rev:1;) 
# How to read the URLhaus rule template used by the rules that follow:
#   content:"GET"; http_method;
#       the request method must be GET.
#   content:"<path>"; http_uri; depth:N; isdataat:!1,relative; nocase;
#       N equals the length of <path>, and isdataat:!1,relative asserts that
#       no byte follows the match, so the rule is written to fire only when
#       the URI buffer equals <path> (case-insensitively).
#   content:"<host>"; http_host; depth:N; isdataat:!1,relative;
#       the same exact-match anchoring on the host buffer.
# These are exact-URL indicators, not behavioural signatures: a request to the
# same host with another path or an added query string does not alert, so a
# quiet sensor is not proof that no host contacted the server. Pair the feed
# with DNS / proxy log lookups for the listed hosts.
#
# NOTE(review): the rules use "alert http" with source/destination port "any";
# they inspect parsed HTTP only. The *.pages.dev hosts below (sid 84576569,
# 84576570, 84576567) are presumably reached over HTTPS -- confirm whether TLS
# inspection sits in front of this sensor; without it, cover such hosts with
# TLS SNI or DNS based matching as well.
#
# NOTE(review): sid 84576567 puts the literal text "%20" in an http_uri
# content. http_uri is the normalized (percent-decoded) URI buffer, in which an
# encoded space is already a plain space, so this content is not expected to
# match the URL as listed. Matching the encoded form needs the raw URI buffer
# (http_raw_uri). The file header carries a "Last updated" stamp, so the feed
# looks regenerated: report upstream or keep a local rule under a local SID
# rather than editing this one in place.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3714978)"; flow:established,from_client; content:"GET"; http_method; content:"/erererer.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"modulowinapp.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_23; reference:url, urlhaus.abuse.ch/url/3714978/; classtype:trojan-activity;sid:84578078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3714731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.10.237.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_23; reference:url, urlhaus.abuse.ch/url/3714731/; classtype:trojan-activity;sid:84577831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3714635)"; flow:established,from_client; content:"GET"; http_method; content:"/app/linux.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"prepstarcenter.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_23; reference:url, urlhaus.abuse.ch/url/3714635/; classtype:trojan-activity;sid:84577735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3714116)"; flow:established,from_client; content:"GET"; http_method; content:"/wizvera/delfino/down/delfino-g3-sha2.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"www.hwgeneralins.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_22; reference:url, urlhaus.abuse.ch/url/3714116/; classtype:trojan-activity;sid:84577216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3714095)"; flow:established,from_client; content:"GET"; http_method; content:"/k1_351.apk"; http_uri; depth:11; 
isdataat:!1,relative; nocase; content:"app.appzcvb.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_22; reference:url, urlhaus.abuse.ch/url/3714095/; classtype:trojan-activity;sid:84577195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3713958)"; flow:established,from_client; content:"GET"; http_method; content:"/rs.ps1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"20.244.42.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_22; reference:url, urlhaus.abuse.ch/url/3713958/; classtype:trojan-activity;sid:84577058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3713850)"; flow:established,from_client; content:"GET"; http_method; content:"/cleaner"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"gutando.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_22; reference:url, urlhaus.abuse.ch/url/3713850/; classtype:trojan-activity;sid:84576950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3713493)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.190.74.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_21; reference:url, urlhaus.abuse.ch/url/3713493/; classtype:trojan-activity;sid:84576593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3713469)"; flow:established,from_client; content:"GET"; http_method; content:"/stage1.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"fb6390d5.infinityindians.pages.dev"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_11_21; reference:url, urlhaus.abuse.ch/url/3713469/; classtype:trojan-activity;sid:84576569; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3713470)"; flow:established,from_client; content:"GET"; http_method; content:"/amsibypass.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"fb6390d5.infinityindians.pages.dev"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_11_21; reference:url, urlhaus.abuse.ch/url/3713470/; classtype:trojan-activity;sid:84576570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3713467)"; flow:established,from_client; content:"GET"; http_method; content:"/files/bexitor%20installer.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"matthewsigmondv5.pages.dev"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_21; reference:url, urlhaus.abuse.ch/url/3713467/; classtype:trojan-activity;sid:84576567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712904)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.156.63.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712904/; classtype:trojan-activity;sid:84576004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.19.130.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712881/; classtype:trojan-activity;sid:84575981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712796)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; 
content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712796/; classtype:trojan-activity;sid:84575896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712795)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712795/; classtype:trojan-activity;sid:84575895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712793)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712793/; classtype:trojan-activity;sid:84575893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712790)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712790/; classtype:trojan-activity;sid:84575890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712788)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712788/; classtype:trojan-activity;sid:84575888; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712785)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712785/; classtype:trojan-activity;sid:84575885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712393)"; flow:established,from_client; content:"GET"; http_method; content:"/d/gof.com.my/gz2v8w/y0qt8nphhv1v"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"smartermail.host"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712393/; classtype:trojan-activity;sid:84575493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/horioninjector.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"horion-static.pages.dev"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_19; reference:url, urlhaus.abuse.ch/url/3712017/; classtype:trojan-activity;sid:84575117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711792)"; flow:established,from_client; content:"GET"; http_method; content:"/bog.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bombayonline.in"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_19; reference:url, urlhaus.abuse.ch/url/3711792/; classtype:trojan-activity;sid:84574892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/polar.mips"; http_uri; depth:15; isdataat:!1,relative; 
nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711579/; classtype:trojan-activity;sid:84574679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/polar.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711540/; classtype:trojan-activity;sid:84574640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/polar.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711535/; classtype:trojan-activity;sid:84574635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/polar.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711526/; classtype:trojan-activity;sid:84574626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711513)"; flow:established,from_client; content:"GET"; http_method; content:"/qkuys.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711513/; classtype:trojan-activity;sid:84574613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3711502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/polar.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711502/; classtype:trojan-activity;sid:84574602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/polar.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711492/; classtype:trojan-activity;sid:84574592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/polar.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711495/; classtype:trojan-activity;sid:84574595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/polar.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711450/; classtype:trojan-activity;sid:84574550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/polar.arc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711451/; classtype:trojan-activity;sid:84574551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/debug"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711453/; classtype:trojan-activity;sid:84574553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/polar.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711457/; classtype:trojan-activity;sid:84574557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/polar.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711446/; classtype:trojan-activity;sid:84574546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/polar.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711447/; classtype:trojan-activity;sid:84574547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3711448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/polar.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711448/; classtype:trojan-activity;sid:84574548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711347)"; flow:established,from_client; content:"GET"; http_method; content:"/realtek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.simbhaolisugars.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711347/; classtype:trojan-activity;sid:84574447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711331)"; flow:established,from_client; content:"GET"; http_method; content:"/hnap"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.simbhaolisugars.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711331/; classtype:trojan-activity;sid:84574431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711330)"; flow:established,from_client; content:"GET"; http_method; content:"/aws"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.simbhaolisugars.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711330/; classtype:trojan-activity;sid:84574430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711328)"; flow:established,from_client; content:"GET"; http_method; content:"/thinkphp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.simbhaolisugars.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_18; 
reference:url, urlhaus.abuse.ch/url/3711328/; classtype:trojan-activity;sid:84574428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711329)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.simbhaolisugars.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711329/; classtype:trojan-activity;sid:84574429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711325)"; flow:established,from_client; content:"GET"; http_method; content:"/lg"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"www.simbhaolisugars.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711325/; classtype:trojan-activity;sid:84574425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711326)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"www.simbhaolisugars.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711326/; classtype:trojan-activity;sid:84574426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711327)"; flow:established,from_client; content:"GET"; http_method; content:"/zte"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.simbhaolisugars.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711327/; classtype:trojan-activity;sid:84574427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711320)"; flow:established,from_client; content:"GET"; 
http_method; content:"/goahead"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.simbhaolisugars.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711320/; classtype:trojan-activity;sid:84574420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711321)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.simbhaolisugars.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711321/; classtype:trojan-activity;sid:84574421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711322)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.simbhaolisugars.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711322/; classtype:trojan-activity;sid:84574422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711323)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.simbhaolisugars.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711323/; classtype:trojan-activity;sid:84574423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711311)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.simbhaolisugars.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, 
urlhaus.abuse.ch/url/3711311/; classtype:trojan-activity;sid:84574411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711312)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon443"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.simbhaolisugars.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711312/; classtype:trojan-activity;sid:84574412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.simbhaolisugars.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711313/; classtype:trojan-activity;sid:84574413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711314)"; flow:established,from_client; content:"GET"; http_method; content:"/huawei"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.simbhaolisugars.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711314/; classtype:trojan-activity;sid:84574414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711315)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.simbhaolisugars.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711315/; classtype:trojan-activity;sid:84574415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711316)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.simbhaolisugars.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711316/; classtype:trojan-activity;sid:84574416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711317)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.simbhaolisugars.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711317/; classtype:trojan-activity;sid:84574417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711318)"; flow:established,from_client; content:"GET"; http_method; content:"/pulse"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"www.simbhaolisugars.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711318/; classtype:trojan-activity;sid:84574418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711319)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.simbhaolisugars.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711319/; classtype:trojan-activity;sid:84574419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711310)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.simbhaolisugars.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711310/; 
classtype:trojan-activity;sid:84574410; rev:1;)
# URLhaus per-URL download signatures, restored to one rule per line.
# Every rule below has the same shape: alert on a client request in an
# established flow from $HOME_NET to $EXTERNAL_NET (any port) where
#   - the HTTP method buffer contains "GET",
#   - the http_uri buffer is the listed path: depth equals the content length
#     and isdataat:!1,relative requires that no byte follows it, so the match
#     is intended to be exact; nocase applies to the path only,
#   - the http_host buffer is the listed host, pinned the same way.
# The number in msg and in the reference URL is the URLhaus entry id.
# metadata:created_at is presumably the date the entry was added - confirm
# against the URLhaus record.
#
# Host www.simbhaolisugars.in: /sora.sh, /yarn and several /bins/sora.<suffix>
# paths (the suffixes look like CPU architecture names).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711303)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.simbhaolisugars.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711303/; classtype:trojan-activity;sid:84574403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711304)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.simbhaolisugars.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711304/; classtype:trojan-activity;sid:84574404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711305)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.simbhaolisugars.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711305/; classtype:trojan-activity;sid:84574405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711306)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.simbhaolisugars.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711306/; classtype:trojan-activity;sid:84574406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711307)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.simbhaolisugars.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711307/; classtype:trojan-activity;sid:84574407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711308)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.simbhaolisugars.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711308/; classtype:trojan-activity;sid:84574408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711309)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.simbhaolisugars.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711309/; classtype:trojan-activity;sid:84574409; rev:1;)
# Path /02.08.2022.exe on several IP-literal hosts.
# NOTE(review): sid 84574364 and sid 84574342 carry identical match options
# (same path, same host 106.75.224.31), so one request raises both alerts.
# Presumably the two URLhaus entries differ in something these options do not
# capture (the rule header accepts any port) - verify before de-duplicating.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711276)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.79.255.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711276/; classtype:trojan-activity;sid:84574376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711277)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.107.136.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711277/; classtype:trojan-activity;sid:84574377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711278)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.121.137.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711278/; classtype:trojan-activity;sid:84574378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711264)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.75.224.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711264/; classtype:trojan-activity;sid:84574364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711265)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.62.226.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711265/; classtype:trojan-activity;sid:84574365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711242)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.75.224.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711242/; classtype:trojan-activity;sid:84574342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711259)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.75.215.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711259/; classtype:trojan-activity;sid:84574359; rev:1;)
# Single-file entries on individual hosts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.59.47.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711192/; classtype:trojan-activity;sid:84574292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710993)"; flow:established,from_client; content:"GET"; http_method; content:"/sfyhmsqlexrtjetiqydog74.bin"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"dexios.co.za"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3710993/; classtype:trojan-activity;sid:84574093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710988)"; flow:established,from_client; content:"GET"; http_method; content:"/brkopsluth.emz"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dexios.co.za"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3710988/; classtype:trojan-activity;sid:84574088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710595)"; flow:established,from_client; content:"GET"; http_method; content:"/user_c.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"8.217.152.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710595/; classtype:trojan-activity;sid:84573695; rev:1;)
# NOTE(review): *.pages.dev hosts are normally reached over HTTPS. An
# `alert http` rule only sees the request where the sensor inspects cleartext
# or decrypted HTTP, so these two may stay silent without TLS inspection -
# confirm sensor placement. The host suffix is shared by unrelated sites; the
# full host plus path is the indicator, not the domain.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710498)"; flow:established,from_client; content:"GET"; http_method; content:"/auo1.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a-gwo.pages.dev"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710498/; classtype:trojan-activity;sid:84573598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710493)"; flow:established,from_client; content:"GET"; http_method; content:"/com.movseek.app_release1.0.1.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"libretv-16e.pages.dev"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710493/; classtype:trojan-activity;sid:84573593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"rheddh.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710456/; classtype:trojan-activity;sid:84573556; rev:1;)
# NOTE(review): the path below is written percent-encoded (%c3%a7, %c3%a3,
# %20, %c3%a1). http_uri is the normalized URI buffer; if the engine decodes
# percent-escapes during normalization this content cannot match, and
# http_raw_uri would be the buffer to match the encoded form. Verify with a
# replayed request before relying on this rule for coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710416)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-19/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710416/; classtype:trojan-activity;sid:84573516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710412)"; flow:established,from_client; content:"GET"; http_method; 
content:"/outward/exportimages_42625_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710412/; classtype:trojan-activity;sid:84573512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710404)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-29/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710404/; classtype:trojan-activity;sid:84573504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710394)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-03-23/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710394/; classtype:trojan-activity;sid:84573494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710388)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-05-03/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710388/; classtype:trojan-activity;sid:84573488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710390)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-04-23/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710390/; classtype:trojan-activity;sid:84573490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710385)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-10-11/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710385/; classtype:trojan-activity;sid:84573485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-05-20/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710383/; classtype:trojan-activity;sid:84573483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-05-21/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710380/; classtype:trojan-activity;sid:84573480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710370)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-02-26/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710370/; classtype:trojan-activity;sid:84573470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-27/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710371/; classtype:trojan-activity;sid:84573471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-28/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710374/; classtype:trojan-activity;sid:84573474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710362)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-09-25/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710362/; classtype:trojan-activity;sid:84573462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710355)"; flow:established,from_client; content:"GET"; http_method; 
content:"/outward/exportimages_42425_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710355/; classtype:trojan-activity;sid:84573455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710351)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-06-22/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710351/; classtype:trojan-activity;sid:84573451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710352)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_41724_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710352/; classtype:trojan-activity;sid:84573452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-07-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710353/; classtype:trojan-activity;sid:84573453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710340)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2023-02-01/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710340/; classtype:trojan-activity;sid:84573440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710341)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-07-05/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710341/; classtype:trojan-activity;sid:84573441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710343)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-07-27/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710343/; classtype:trojan-activity;sid:84573443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710334)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-06/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710334/; classtype:trojan-activity;sid:84573434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710323)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-05-11/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710323/; classtype:trojan-activity;sid:84573423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710327)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-11-22/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710327/; classtype:trojan-activity;sid:84573427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710315)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_3925_mahal-node2/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710315/; classtype:trojan-activity;sid:84573415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710316)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-09-28/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710316/; classtype:trojan-activity;sid:84573416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710318)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-12-23/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710318/; classtype:trojan-activity;sid:84573418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710319)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_10825_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710319/; classtype:trojan-activity;sid:84573419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710311)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-05-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710311/; classtype:trojan-activity;sid:84573411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710312)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_82225_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710312/; classtype:trojan-activity;sid:84573412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710313)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-12-14/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710313/; classtype:trojan-activity;sid:84573413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710306)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710306/; classtype:trojan-activity;sid:84573406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-26/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710293/; classtype:trojan-activity;sid:84573393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710285)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-10-06/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710285/; classtype:trojan-activity;sid:84573385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710287)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-21/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710287/; classtype:trojan-activity;sid:84573387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710288)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-05-18/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710288/; classtype:trojan-activity;sid:84573388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710289)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-07-22/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710289/; classtype:trojan-activity;sid:84573389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-04-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710290/; classtype:trojan-activity;sid:84573390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710291)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2021-05-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710291/; classtype:trojan-activity;sid:84573391; rev:1;)
# URLhaus per-URL download signatures, restored to one rule per line. Each
# rule alerts on a $HOME_NET -> $EXTERNAL_NET client request in an established
# flow whose method buffer contains "GET", whose http_uri buffer is the listed
# path and whose http_host buffer is the listed host. depth equal to the
# content length together with isdataat:!1,relative pins each buffer to the
# exact string; nocase applies to the path only.
#
# NOTE(review): the path below is written percent-encoded (%c3%a7, %c3%a3,
# %20, %c3%a1). http_uri is the normalized URI buffer; if the engine decodes
# percent-escapes during normalization this content cannot match, and
# http_raw_uri would be the buffer to match the encoded form - verify with a
# replayed request.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710284)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-20/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710284/; classtype:trojan-activity;sid:84573384; rev:1;)
# The hosts in the next rules (dl.360safe.com, github.com,
# raw.githubusercontent.com, gitlab.com) also serve unrelated content, so the
# exact path is what makes each rule specific; the host name on its own is
# not an indicator and should not be turned into a block-list entry.
# NOTE(review): the code-forge hosts are normally reached over HTTPS. An
# `alert http` rule only sees the request where the sensor inspects cleartext
# or decrypted HTTP - confirm sensor placement before counting these as
# coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710207)"; flow:established,from_client; content:"GET"; http_method; content:"/offlinepackv4.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dl.360safe.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710207/; classtype:trojan-activity;sid:84573307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710011)"; flow:established,from_client; content:"GET"; http_method; content:"/soulclientwtf/lnk/raw/refs/heads/main/execute"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_16; reference:url, urlhaus.abuse.ch/url/3710011/; classtype:trojan-activity;sid:84573111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710010)"; flow:established,from_client; content:"GET"; http_method; content:"/soulclientwtf/lnk/refs/heads/main/execute"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_16; reference:url, urlhaus.abuse.ch/url/3710010/; classtype:trojan-activity;sid:84573110; rev:1;)
# Two PowerShell script paths under /js/ on the same host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709941)"; flow:established,from_client; content:"GET"; http_method; content:"/js/railheads7tv4.ps1"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"techauto.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_16; reference:url, urlhaus.abuse.ch/url/3709941/; classtype:trojan-activity;sid:84573041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709939)"; flow:established,from_client; content:"GET"; http_method; content:"/js/bkyfk8nbhy9k.ps1"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"techauto.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_16; reference:url, urlhaus.abuse.ch/url/3709939/; classtype:trojan-activity;sid:84573039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709921)"; flow:established,from_client; content:"GET"; http_method; content:"/-/project/75948445/uploads/4c3e660ab51c78f49b9c10016e852287/ksv.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_16; reference:url, urlhaus.abuse.ch/url/3709921/; classtype:trojan-activity;sid:84573021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709528)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.242.58.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709528/; 
classtype:trojan-activity;sid:84572628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709309)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-01-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709309/; classtype:trojan-activity;sid:84572409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709306)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-05-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709306/; classtype:trojan-activity;sid:84572406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709292)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2019-03-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709292/; classtype:trojan-activity;sid:84572392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709293/; classtype:trojan-activity;sid:84572393; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709294)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-03-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709294/; classtype:trojan-activity;sid:84572394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709295)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-10-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709295/; classtype:trojan-activity;sid:84572395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709296)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-01-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709296/; classtype:trojan-activity;sid:84572396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709298)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-08-23/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709298/; classtype:trojan-activity;sid:84572398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3709299)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-10-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709299/; classtype:trojan-activity;sid:84572399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-08-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709300/; classtype:trojan-activity;sid:84572400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709301)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-05-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709301/; classtype:trojan-activity;sid:84572401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709302)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-10-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709302/; classtype:trojan-activity;sid:84572402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3709303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-03-30/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709303/; classtype:trojan-activity;sid:84572403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709304)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-05-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709304/; classtype:trojan-activity;sid:84572404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709305)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709305/; classtype:trojan-activity;sid:84572405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709288)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-08-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709288/; classtype:trojan-activity;sid:84572388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709290)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-10-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709290/; classtype:trojan-activity;sid:84572390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709291)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2024-01-26/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709291/; classtype:trojan-activity;sid:84572391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709272)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-07-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709272/; classtype:trojan-activity;sid:84572372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709273)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-08-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709273/; classtype:trojan-activity;sid:84572373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709274)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-08-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709274/; classtype:trojan-activity;sid:84572374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709275)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2024-04-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709275/; classtype:trojan-activity;sid:84572375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709276)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-01-18/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709276/; classtype:trojan-activity;sid:84572376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709277)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2022-01-20/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709277/; classtype:trojan-activity;sid:84572377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709278)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-04-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709278/; classtype:trojan-activity;sid:84572378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709280)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-06-29/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709280/; classtype:trojan-activity;sid:84572380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-05-30/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709281/; classtype:trojan-activity;sid:84572381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709284)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-04-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709284/; classtype:trojan-activity;sid:84572384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709285)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-10-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709285/; classtype:trojan-activity;sid:84572385; rev:1;)
# URLhaus exact-URL rules (sids 84572386, 84572387, 84572369). Each one alerts
# on an established client-to-server HTTP GET from $HOME_NET to $EXTERNAL_NET
# whose URI and Host both equal one listed URL. depth equals the length of the
# literal and isdataat:!1,relative requires that nothing follows it, so a
# request whose URI continues past the literal (for example with a query
# string) does not match. nocase makes the URI comparison case-insensitive.
# NOTE(review): the first two paths contain percent-escapes (%c3%a7, %c3%a3)
# but are matched with http_uri, the normalized URI buffer. If the sensor
# decodes escapes in that buffer, the literal and depth:74 will not line up
# with the decoded path and the rule stays silent. Verify against a test
# capture, or match the undecoded request with http_raw_uri.
# "alert http" only covers traffic the sensor parses as HTTP; the same path
# fetched over TLS is not inspected by these rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709286)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-11-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709286/; classtype:trojan-activity;sid:84572386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709287)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-10-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709287/; classtype:trojan-activity;sid:84572387; rev:1;)
# Different host (203.192.219.165) and a path without percent-escapes, so the
# normalization note above does not apply to this rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709269)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_82624_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709269/; classtype:trojan-activity;sid:84572369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709270)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-10-29/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709270/; classtype:trojan-activity;sid:84572370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709271)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2020-10-10/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709271/; classtype:trojan-activity;sid:84572371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709267)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-02-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709267/; classtype:trojan-activity;sid:84572367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709255)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-01-29/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709255/; classtype:trojan-activity;sid:84572355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709256)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2020-11-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709256/; classtype:trojan-activity;sid:84572356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709257)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-07-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709257/; classtype:trojan-activity;sid:84572357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709258)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-06-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709258/; classtype:trojan-activity;sid:84572358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-11-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709259/; classtype:trojan-activity;sid:84572359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709261)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-03-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709261/; classtype:trojan-activity;sid:84572361; rev:1;)
# URLhaus exact-URL rules (sids 84572362-84572364), all for Host 177.70.102.228.
# Each one alerts on an established client-to-server HTTP GET whose URI is
# exactly the listed path: the match is anchored by depth (equal to the length
# of the literal) and closed by isdataat:!1,relative, which requires that no
# byte follows the literal. The Host value is pinned the same way (depth:14).
# NOTE(review): sid 84572362 counts three-character escapes ("%20", "%c3%a7",
# "%c3%a3") towards depth:91, yet the content is matched with http_uri, the
# normalized URI buffer. If the sensor decodes escapes there ("%20" becomes a
# single space byte), both the literal and the depth are off and the rule will
# not fire. Confirm with a replayed request before relying on it; http_raw_uri
# matches the undecoded form. The same applies to the depth:74 rules below.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709262)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000162/2022-03-02/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709262/; classtype:trojan-activity;sid:84572362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709263)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-08-31/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709263/; classtype:trojan-activity;sid:84572363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709264)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-05-11/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709264/; classtype:trojan-activity;sid:84572364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709248)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-03-03/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709248/; classtype:trojan-activity;sid:84572348; rev:1;)
# URLhaus exact-URL rules (sids 84572349-84572351) for outbound HTTP GETs to
# Host 177.70.102.228. The URI literal is compared case-insensitively (nocase)
# and must be the whole buffer: depth equals its length, and
# isdataat:!1,relative rejects any trailing byte. The rules differ only in the
# path, the URLhaus reference id and the sid.
# NOTE(review): every path here carries percent-escapes (for example
# "eventos%20autom%c3%a1ticos") while the match is on http_uri, the normalized
# URI buffer. On a sensor that decodes escapes in that buffer the literal no
# longer appears as written, so these rules can load cleanly and still never
# alert. Test with a known-matching request; http_raw_uri matches the
# undecoded form.
# Triage hint: the rules on this page share one Host value, so alerts from
# them can be grouped on it instead of on individual sids.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709249)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-08-24/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709249/; classtype:trojan-activity;sid:84572349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-04-11/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709250/; classtype:trojan-activity;sid:84572350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709251)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-11-01/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709251/; classtype:trojan-activity;sid:84572351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709252)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-06-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709252/; classtype:trojan-activity;sid:84572352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709253)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2024-01-17/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709253/; classtype:trojan-activity;sid:84572353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709254)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-11-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709254/; classtype:trojan-activity;sid:84572354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709244)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-03-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709244/; classtype:trojan-activity;sid:84572344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709245)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-10/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709245/; classtype:trojan-activity;sid:84572345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709246)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2020-09-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709246/; classtype:trojan-activity;sid:84572346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709247)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-01-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709247/; classtype:trojan-activity;sid:84572347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709240)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-07-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709240/; classtype:trojan-activity;sid:84572340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709241)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-07-05/info.zip"; 
http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709241/; classtype:trojan-activity;sid:84572341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709242/; classtype:trojan-activity;sid:84572342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-02-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709239/; classtype:trojan-activity;sid:84572339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709234)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2020-11-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709234/; classtype:trojan-activity;sid:84572334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709235)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-10-21/info.zip"; http_uri; depth:74; 
isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709235/; classtype:trojan-activity;sid:84572335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709236)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709236/; classtype:trojan-activity;sid:84572336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709237)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-04-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709237/; classtype:trojan-activity;sid:84572337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709238)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-07-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709238/; classtype:trojan-activity;sid:84572338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709228)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-01-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709228/; classtype:trojan-activity;sid:84572328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709229)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-03-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709229/; classtype:trojan-activity;sid:84572329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709230)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000162/2022-07-22/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709230/; classtype:trojan-activity;sid:84572330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709231)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-10-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709231/; classtype:trojan-activity;sid:84572331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709232)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-10-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; 
content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709232/; classtype:trojan-activity;sid:84572332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709233)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-09-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709233/; classtype:trojan-activity;sid:84572333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709220)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2019-07-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709220/; classtype:trojan-activity;sid:84572320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709221)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-03-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709221/; classtype:trojan-activity;sid:84572321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709222)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-11-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; 
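depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709222/; classtype:trojan-activity;sid:84572322; rev:1;)
# URLhaus known-malware download URLs; every complete rule in this group matches host 177.70.102.228.
# Layout: one rule per line. Snort and Suricata read a rule from a single line (or an explicit
# backslash continuation), so rules that run together or break mid-rule do not load.
# Matching is exact: each content is paired with a depth equal to its length and with
# isdataat:!1,relative, so the request URI and the Host value must equal the listed strings in full.
# The same path with a query string appended, or any other file on this host, raises no alert.
# NOTE(review): http_uri is the normalized URI buffer. The paths below carry percent-encoded bytes
# (%c3%a7, %c3%a3, %c3%a1, %20); if the sensor decodes them during normalization these literals
# will not match. Confirm against a test capture before relying on these rules; matching the raw
# URI buffer is the usual alternative.
# NOTE(review): "alert http" only covers HTTP the sensor can parse; the same download over TLS
# needs decryption or a separate host/IP indicator.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709223)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-07-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709223/; classtype:trojan-activity;sid:84572323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709224)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-12-26/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709224/; classtype:trojan-activity;sid:84572324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709225)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-03-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709225/; classtype:trojan-activity;sid:84572325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709227)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-03-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709227/; classtype:trojan-activity;sid:84572327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709218)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-03-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709218/; classtype:trojan-activity;sid:84572318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709219)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709219/; classtype:trojan-activity;sid:84572319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709217)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-06-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709217/; classtype:trojan-activity;sid:84572317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-01-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709213/; classtype:trojan-activity;sid:84572313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709214)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-01-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709214/; classtype:trojan-activity;sid:84572314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709209)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-04-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709209/; classtype:trojan-activity;sid:84572309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709210)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-07-18/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709210/; classtype:trojan-activity;sid:84572310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709211)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-04-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709211/; classtype:trojan-activity;sid:84572311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709212)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2023-06-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709212/; classtype:trojan-activity;sid:84572312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709201)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000162/2022-03-06/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709201/; classtype:trojan-activity;sid:84572301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709202)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2024-03-10/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709202/; classtype:trojan-activity;sid:84572302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709203)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-04-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709203/; classtype:trojan-activity;sid:84572303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709204)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2020-10-12/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709204/; classtype:trojan-activity;sid:84572304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-04-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709205/; classtype:trojan-activity;sid:84572305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709206)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-03-02/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709206/; classtype:trojan-activity;sid:84572306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709207)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-02-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709207/; classtype:trojan-activity;sid:84572307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709193)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-04-04/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709193/; classtype:trojan-activity;sid:84572293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709194)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-10-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709194/; classtype:trojan-activity;sid:84572294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709195)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-05-01/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709195/; classtype:trojan-activity;sid:84572295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-05-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709196/; classtype:trojan-activity;sid:84572296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709197)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-08-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709197/; classtype:trojan-activity;sid:84572297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709199)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-04-11/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709199/; classtype:trojan-activity;sid:84572299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709200)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2019-10-15/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709200/; classtype:trojan-activity;sid:84572300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709192)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2020-07-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709192/; classtype:trojan-activity;sid:84572292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709190)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-01-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709190/; classtype:trojan-activity;sid:84572290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709191)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-11-28/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709191/; classtype:trojan-activity;sid:84572291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709186)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-07-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709186/; classtype:trojan-activity;sid:84572286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-10-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709187/; classtype:trojan-activity;sid:84572287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709188)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-07-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709188/; classtype:trojan-activity;sid:84572288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709175)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2025-01-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709175/; classtype:trojan-activity;sid:84572275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-05-02/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709176/; classtype:trojan-activity;sid:84572276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709177)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-01-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709177/; classtype:trojan-activity;sid:84572277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-09-18/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709178/; classtype:trojan-activity;sid:84572278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-10-10/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709179/; classtype:trojan-activity;sid:84572279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709180)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-09-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709180/; classtype:trojan-activity;sid:84572280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709181)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-10-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709181/; classtype:trojan-activity;sid:84572281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709182)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709182/; classtype:trojan-activity;sid:84572282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709184)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-03-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709184/; classtype:trojan-activity;sid:84572284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709185)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-08-27/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709185/; classtype:trojan-activity;sid:84572285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-07-17/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709165/; classtype:trojan-activity;sid:84572265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-07-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709166/; classtype:trojan-activity;sid:84572266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000162/2024-01-22/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709167/; classtype:trojan-activity;sid:84572267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709168)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2022-01-27/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709168/; classtype:trojan-activity;sid:84572268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-06-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709169/; classtype:trojan-activity;sid:84572269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-01-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709170/; classtype:trojan-activity;sid:84572270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-11-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709171/; classtype:trojan-activity;sid:84572271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709172)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-11-15/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709172/; classtype:trojan-activity;sid:84572272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-12-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709173/; classtype:trojan-activity;sid:84572273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-07-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709163/; classtype:trojan-activity;sid:84572263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-08-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709161/; classtype:trojan-activity;sid:84572261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709162)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2019-03-18/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709162/; classtype:trojan-activity;sid:84572262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-01-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709159/; classtype:trojan-activity;sid:84572259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-07-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709158/; classtype:trojan-activity;sid:84572258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709152)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000758/2022-03-02/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709152/; classtype:trojan-activity;sid:84572252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709153)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2019-10-17/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709153/; classtype:trojan-activity;sid:84572253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709154)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2024-01-24/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709154/; classtype:trojan-activity;sid:84572254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709155)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-06-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709155/; classtype:trojan-activity;sid:84572255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709156)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-01-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709156/; classtype:trojan-activity;sid:84572256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709157)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2023-08-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709157/; classtype:trojan-activity;sid:84572257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-05-27/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709143/; classtype:trojan-activity;sid:84572243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709144)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-10-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709144/; classtype:trojan-activity;sid:84572244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-10-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709145/; classtype:trojan-activity;sid:84572245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709147)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-07-02/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709147/; classtype:trojan-activity;sid:84572247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709148)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-05-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709148/; classtype:trojan-activity;sid:84572248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-27/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709149/; classtype:trojan-activity;sid:84572249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709150)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-10-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709150/; classtype:trojan-activity;sid:84572250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2020-05-01/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709151/; classtype:trojan-activity;sid:84572251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-09-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709140/; classtype:trojan-activity;sid:84572240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709141)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-10-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709141/; classtype:trojan-activity;sid:84572241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709139)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-08-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709139/; classtype:trojan-activity;sid:84572239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709138)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-11-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709138/; classtype:trojan-activity;sid:84572238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-08-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709130/; classtype:trojan-activity;sid:84572230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709131)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709131/; classtype:trojan-activity;sid:84572231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709132)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2019-05-31/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709132/; classtype:trojan-activity;sid:84572232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709133)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-10-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709133/; classtype:trojan-activity;sid:84572233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-11-27/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709135/; classtype:trojan-activity;sid:84572235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-06-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709136/; classtype:trojan-activity;sid:84572236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-01-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709128/; classtype:trojan-activity;sid:84572228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-09-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709112/; classtype:trojan-activity;sid:84572212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709113)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-10-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709113/; classtype:trojan-activity;sid:84572213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709114)"; flow:established,from_client; content:"GET"; http_method; 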
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-11-01/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709114/; classtype:trojan-activity;sid:84572214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709115)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-04-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709115/; classtype:trojan-activity;sid:84572215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709116)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2024-03-17/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709116/; classtype:trojan-activity;sid:84572216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-04-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709117/; classtype:trojan-activity;sid:84572217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709118)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-11-25/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709118/; classtype:trojan-activity;sid:84572218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-12-31/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709119/; classtype:trojan-activity;sid:84572219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2024-03-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709120/; classtype:trojan-activity;sid:84572220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709121)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-08-16/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709121/; classtype:trojan-activity;sid:84572221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709122)"; flow:established,from_client; content:"GET"; http_method; 
content:"/outward/exportimages_92825_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709122/; classtype:trojan-activity;sid:84572222; rev:1;)
# NOTE(review): every signature here is an exact-URL indicator. Each
# content length equals its depth and isdataat:!1,relative forbids any
# byte after the match, for both the URI and the Host buffer, so the same
# file requested with a query string or from another dated folder does
# not alert.
# Scope is limited to GET requests the engine parses as HTTP, from
# $HOME_NET to $EXTERNAL_NET.
# The rules in this stretch share two Host values (177.70.102.228 and
# 203.192.219.165) and differ mainly in the date and numeric folder of the
# path; when triaging a hit, also search proxy and flow logs for the Host
# value rather than only the exact path.
# created_at 2025_11_15 is the only age information carried in the rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-01-01/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709123/; classtype:trojan-activity;sid:84572223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-06-30/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709124/; classtype:trojan-activity;sid:84572224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709126)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-03-16/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709126/; classtype:trojan-activity;sid:84572226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709109)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-10-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709109/; classtype:trojan-activity;sid:84572209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-06-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709111/; classtype:trojan-activity;sid:84572211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-10-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709104/; classtype:trojan-activity;sid:84572204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-12-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709105/; classtype:trojan-activity;sid:84572205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709107)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-08-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709107/; classtype:trojan-activity;sid:84572207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709108/; classtype:trojan-activity;sid:84572208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709102)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_51125_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709102/; classtype:trojan-activity;sid:84572202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709096)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-10-18/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709096/; classtype:trojan-activity;sid:84572196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709097)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2019-03-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709097/; classtype:trojan-activity;sid:84572197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709098/; classtype:trojan-activity;sid:84572198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-12-30/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709099/; classtype:trojan-activity;sid:84572199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709100)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-07-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709100/; classtype:trojan-activity;sid:84572200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709101)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000324/2024-01-02/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709101/; classtype:trojan-activity;sid:84572201; rev:1;)
# NOTE(review): the signature ending on the line above (sid 84572201)
# matches "%20" as three literal characters under http_uri. Suricata
# documents the normalized URI as having %20 converted to a space, with
# the literal form only visible in the raw URI buffer, so this content and
# its depth:91 (the encoded length) presumably cannot match the normalized
# buffer - verify against the deployed engine and version.
# The same applies to the %c3%a7%c3%a3 escapes in the rules below.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-01-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709088/; classtype:trojan-activity;sid:84572188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-10-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709089/; classtype:trojan-activity;sid:84572189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-11-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709090/; classtype:trojan-activity;sid:84572190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709091)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709091/; classtype:trojan-activity;sid:84572191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-01-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709092/; classtype:trojan-activity;sid:84572192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2022-10-27/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709093/; classtype:trojan-activity;sid:84572193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-03-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709078/; classtype:trojan-activity;sid:84572178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709079)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2024-09-27/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709079/; classtype:trojan-activity;sid:84572179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-09-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709080/; classtype:trojan-activity;sid:84572180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709081)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-09-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709081/; classtype:trojan-activity;sid:84572181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-04-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709083/; classtype:trojan-activity;sid:84572183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709084)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-04-17/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709084/; classtype:trojan-activity;sid:84572184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-11-02/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709085/; classtype:trojan-activity;sid:84572185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709086/; classtype:trojan-activity;sid:84572186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-11-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709087/; classtype:trojan-activity;sid:84572187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709075)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709075/; classtype:trojan-activity;sid:84572175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-01-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709076/; classtype:trojan-activity;sid:84572176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-05-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709077/; classtype:trojan-activity;sid:84572177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-06-24/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709054/; classtype:trojan-activity;sid:84572154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709055)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709055/; classtype:trojan-activity;sid:84572155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-09-26/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709056/; classtype:trojan-activity;sid:84572156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709057)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2020-06-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709057/; classtype:trojan-activity;sid:84572157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-12-28/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709058/; classtype:trojan-activity;sid:84572158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709059)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-07-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709059/; classtype:trojan-activity;sid:84572159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-02-20/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709060/; classtype:trojan-activity;sid:84572160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-02-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709061/; classtype:trojan-activity;sid:84572161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709062)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-07-17/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709062/; classtype:trojan-activity;sid:84572162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709063)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-07-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709063/; classtype:trojan-activity;sid:84572163; rev:1;)
# Host 177.70.102.228, paths under /tmpftp/: one rule per URLhaus URL id.
# Each rule requires an outbound GET on an established flow and compares the
# whole URI (http_uri, nocase) and the whole Host value (http_host): depth is
# set to the length of the content string and isdataat:!1,relative rejects any
# data after the match.
# NOTE(review): these URI patterns carry literal percent-escapes (%c3%a7%c3%a3,
# %c3%a1, %20) and depth counts the escaped length, but http_uri is the
# normalized URI buffer. If the sensor percent-decodes the path while
# normalizing, the escaped text is absent from that buffer and the rules stay
# silent. Verify against a test request on the deployed engine; http_raw_uri
# is the buffer that keeps the escaped form.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709064)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-10-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709064/; classtype:trojan-activity;sid:84572164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-06-01/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709065/; classtype:trojan-activity;sid:84572165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709066)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-11-02/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709066/; classtype:trojan-activity;sid:84572166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-04-18/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709067/; classtype:trojan-activity;sid:84572167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-03-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709068/; classtype:trojan-activity;sid:84572168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709069)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-01-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709069/; classtype:trojan-activity;sid:84572169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2020-07-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709070/; classtype:trojan-activity;sid:84572170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709072)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-09-29/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709072/; classtype:trojan-activity;sid:84572172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-11-18/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709042/; classtype:trojan-activity;sid:84572142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709043)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-09-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709043/; classtype:trojan-activity;sid:84572143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-09-17/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709044/; classtype:trojan-activity;sid:84572144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709045)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-04-28/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709045/; classtype:trojan-activity;sid:84572145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709046)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2019-03-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709046/; classtype:trojan-activity;sid:84572146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-06-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709047/; classtype:trojan-activity;sid:84572147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-11-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709048/; classtype:trojan-activity;sid:84572148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-10-31/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709049/; classtype:trojan-activity;sid:84572149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-06-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709050/; classtype:trojan-activity;sid:84572150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-03-17/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709051/; classtype:trojan-activity;sid:84572151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709052)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-11-06/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709052/; classtype:trojan-activity;sid:84572152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709053)"; flow:established,from_client; content:"GET"; http_method;
content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-04-05/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709053/; classtype:trojan-activity;sid:84572153; rev:1;)
# NOTE(review): the rule ending above matches literal percent-escapes (%c3%a7,
# %20, ...) in http_uri, the normalized URI buffer; if the sensor decodes
# escapes during normalization the pattern cannot match. Verify on the
# deployed engine; http_raw_uri keeps the escaped form.
#
# NOTE(review): gitlab.com is normally served over HTTPS. An `alert http` rule
# only sees this request when it travels in cleartext or TLS is inspected ahead
# of the sensor, so treat this sid as low-coverage unless that is confirmed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3708783)"; flow:established,from_client; content:"GET"; http_method; content:"/-/project/76083013/uploads/32561edca48a460384d1dbaa0cf1605b/mvc3.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3708783/; classtype:trojan-activity;sid:84571883; rev:1;)
# The URI "/i" is only two bytes; the full-length Host match that follows it is
# what keeps this rule specific to one server.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3708476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.143.158.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3708476/; classtype:trojan-activity;sid:84571576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3708402)"; flow:established,from_client; content:"GET"; http_method; content:"/ourzz.wav"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"clubdetiroelpicarcho.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3708402/; classtype:trojan-activity;sid:84571502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707810)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_82224_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707810/; classtype:trojan-activity;sid:84570910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707712)"; flow:established,from_client; content:"GET"; http_method; content:"/com.movseek.app_release1.0.1.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"movseek.pages.dev"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707712/; classtype:trojan-activity;sid:84570812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707697)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2019/04/pieletjf.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"theoremaoliveoil.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707697/; classtype:trojan-activity;sid:84570797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707699)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2019/04/pieletjf_vm.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"theoremaoliveoil.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707699/; classtype:trojan-activity;sid:84570799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704600)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.101.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704600/; classtype:trojan-activity;sid:84567700; rev:1;)
# One rule per URLhaus URL id: an outbound GET on an established flow whose URI
# (http_uri, nocase) and Host value (http_host) equal the listed strings. depth
# is set to the content length and isdataat:!1,relative rejects trailing data,
# so only the exact listed URL on the exact listed host alerts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704602)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.139.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704602/; classtype:trojan-activity;sid:84567702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.208.202.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704561/; classtype:trojan-activity;sid:84567661; rev:1;)
# NOTE(review): the next rule (URLhaus 3704523) has the same URI "/sshd" and the
# same Host 117.247.101.61 as URLhaus 3704600 (sid:84567700) earlier in this
# file, so a single request should raise both sids. De-duplicate or threshold
# downstream so triage counts it as one event.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704523)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.101.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704523/; classtype:trojan-activity;sid:84567623; rev:1;)
# Host 203.192.219.165: /outward/exportimages_<n>_mahal-*/info.zip, one sid per listed path.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704282)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_21425_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704282/; classtype:trojan-activity;sid:84567382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704281)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_21625_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704281/; classtype:trojan-activity;sid:84567381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704279)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_12424_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704279/; classtype:trojan-activity;sid:84567379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704276)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_22225_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704276/; classtype:trojan-activity;sid:84567376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704277)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_12525_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704277/; classtype:trojan-activity;sid:84567377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704246)"; flow:established,from_client; content:"GET"; http_method; content:"/haozip/haozip_v6.5.2.11245.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"dl.2345.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704246/; classtype:trojan-activity;sid:84567346; rev:1;)
# NOTE(review): github.com is normally served over HTTPS. This http rule only
# sees the request in cleartext or behind TLS inspection; confirm sensor
# placement before counting it as coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704158)"; flow:established,from_client; content:"GET"; http_method; content:"/leinchchanceleinch/jik/raw/refs/heads/main/dev.msi"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704158/; classtype:trojan-activity;sid:84567258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703801)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703801/; classtype:trojan-activity;sid:84566901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703777)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_11424_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703777/; classtype:trojan-activity;sid:84566877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703778)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_102624_mahal-node2/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703778/; classtype:trojan-activity;sid:84566878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703767)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_61924_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703767/; classtype:trojan-activity;sid:84566867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703748)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_21025_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703748/; classtype:trojan-activity;sid:84566848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703756)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_71824_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703756/; classtype:trojan-activity;sid:84566856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703743)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_62124_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703743/; classtype:trojan-activity;sid:84566843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703744)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_112724_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703744/; classtype:trojan-activity;sid:84566844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703745)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_101124_mahal-server/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703745/; classtype:trojan-activity;sid:84566845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703731)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703731/; classtype:trojan-activity;sid:84566831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703727)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_9425_mahal-node1/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703727/; classtype:trojan-activity;sid:84566827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.123.19.88"; http_host; depth:13;
isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703349/; classtype:trojan-activity;sid:84566449; rev:1;)
# One rule per URLhaus URL id: an outbound GET on an established flow whose URI
# (http_uri, nocase) and Host value (http_host) equal the listed strings. depth
# is set to the content length and isdataat:!1,relative rejects trailing data.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.123.19.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703338/; classtype:trojan-activity;sid:84566438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703171)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703171/; classtype:trojan-activity;sid:84566271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702746)"; flow:established,from_client; content:"GET"; http_method; content:"/dersnotlari/02/sora.jpg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.notbak.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702746/; classtype:trojan-activity;sid:84565846; rev:1;)
# Host 111.59.254.165: paths of the form /<8 digits>/{av,photo,video}.{scr,lnk},
# one sid per listed URL.
# NOTE(review): URI and Host are both matched in full, so a path on this host
# that the feed has not listed (for example another 8-digit directory) will not
# alert. Pair these sids with host-level telemetry if broader coverage is needed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702204)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702204/; classtype:trojan-activity;sid:84565304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702202)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702202/; classtype:trojan-activity;sid:84565302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702201)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702201/; classtype:trojan-activity;sid:84565301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702199)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702199/; classtype:trojan-activity;sid:84565299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702178)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702178/; classtype:trojan-activity;sid:84565278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702166)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702166/; classtype:trojan-activity;sid:84565266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702161)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702161/; classtype:trojan-activity;sid:84565261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702156)"; flow:established,from_client; content:"GET"; http_method; content:"/20250416/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702156/; classtype:trojan-activity;sid:84565256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702158)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702158/; classtype:trojan-activity;sid:84565258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702152)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702152/; classtype:trojan-activity;sid:84565252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702147)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702147/; classtype:trojan-activity;sid:84565247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702142)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702142/; classtype:trojan-activity;sid:84565242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702143)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702143/; classtype:trojan-activity;sid:84565243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702134)"; flow:established,from_client; content:"GET"; http_method; content:"/20250416/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702134/; classtype:trojan-activity;sid:84565234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702135)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702135/; classtype:trojan-activity;sid:84565235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702136)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702136/; classtype:trojan-activity;sid:84565236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702130)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702130/; classtype:trojan-activity;sid:84565230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702131)"; flow:established,from_client; content:"GET"; http_method; content:"/20250416/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702131/; classtype:trojan-activity;sid:84565231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702132)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702132/; classtype:trojan-activity;sid:84565232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702127)"; flow:established,from_client; content:"GET"; http_method; content:"/20180102/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702127/; classtype:trojan-activity;sid:84565227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702128)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702128/; classtype:trojan-activity;sid:84565228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702122)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702122/; classtype:trojan-activity;sid:84565222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702123)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702123/; classtype:trojan-activity;sid:84565223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702119)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702119/; classtype:trojan-activity;sid:84565219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702115)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702115/; classtype:trojan-activity;sid:84565215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702105)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702105/; classtype:trojan-activity;sid:84565205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702102)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702102/; classtype:trojan-activity;sid:84565202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702103)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702103/; classtype:trojan-activity;sid:84565203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701924)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701924/; classtype:trojan-activity;sid:84565024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701906)"; flow:established,from_client; content:"GET"; http_method; content:"/20180102/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701906/; classtype:trojan-activity;sid:84565006; rev:1;)
# Single-URL entries for other hosts. The URIs here are short ("/i", "/av.scr",
# "/photo.scr", "/info.zip"), so the full-length Host match is what keeps each
# rule specific to one server.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.50.27.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701623/; classtype:trojan-activity;sid:84564723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701320)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"144.2.111.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701320/; classtype:trojan-activity;sid:84564420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701203)"; flow:established,from_client; content:"GET"; http_method; content:"/scoto.jpb"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.jozefinskiatelje.si"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701203/; classtype:trojan-activity;sid:84564303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.115.249.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700623/; classtype:trojan-activity;sid:84563723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700329)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700329/; classtype:trojan-activity;sid:84563429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700276)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700276/; classtype:trojan-activity;sid:84563376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700268)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.158.34.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700268/; classtype:trojan-activity;sid:84563368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700199)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10;
isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700199/; classtype:trojan-activity;sid:84563299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700187)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.158.34.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700187/; classtype:trojan-activity;sid:84563287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700112)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700112/; classtype:trojan-activity;sid:84563212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700015)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700015/; classtype:trojan-activity;sid:84563115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699997)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699997/; classtype:trojan-activity;sid:84563097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3699967)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"119.91.141.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699967/; classtype:trojan-activity;sid:84563067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699839)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699839/; classtype:trojan-activity;sid:84562939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699812)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699812/; classtype:trojan-activity;sid:84562912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699768)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699768/; classtype:trojan-activity;sid:84562868; rev:1;)
# NOTE(review): the URI pattern in the next rule (sid 84562781) contains percent-escapes ("%20",
# "%c3%aa") but is matched with http_uri. Per the Suricata documentation http_uri is the normalized
# URI buffer, in which such escapes are decoded, so this literal pattern may never match there.
# depth:45 is the length of the encoded text, which fits the raw request line rather than the
# normalized one. http_raw_uri is the buffer that keeps the bytes as sent. Confirm against the
# deployed engine before relying on this sid for coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699681)"; flow:established,from_client; content:"GET"; http_method; content:"/tinh_cuoc_xe/2025/thanh%20ti%c3%aan/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"103.226.249.227"; http_host; depth:15; 
isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699681/; classtype:trojan-activity;sid:84562781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699651)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699651/; classtype:trojan-activity;sid:84562751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699578)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699578/; classtype:trojan-activity;sid:84562678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699459)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699459/; classtype:trojan-activity;sid:84562559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699462)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699462/; classtype:trojan-activity;sid:84562562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699428)"; 
flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699428/; classtype:trojan-activity;sid:84562528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698699)"; flow:established,from_client; content:"GET"; http_method; content:"/reprofo.mso"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.jozefinskiatelje.si"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698699/; classtype:trojan-activity;sid:84561799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698418)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"83.229.126.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698418/; classtype:trojan-activity;sid:84561518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698410)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"59.110.28.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698410/; classtype:trojan-activity;sid:84561510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698408)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"212.14.244.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, 
urlhaus.abuse.ch/url/3698408/; classtype:trojan-activity;sid:84561508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.250.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698400/; classtype:trojan-activity;sid:84561500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698365)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.241.74.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698365/; classtype:trojan-activity;sid:84561465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698078)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698078/; classtype:trojan-activity;sid:84561178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698077)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698077/; classtype:trojan-activity;sid:84561177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698067)"; flow:established,from_client; content:"GET"; http_method; 
content:"/20230517/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698067/; classtype:trojan-activity;sid:84561167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698070)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698070/; classtype:trojan-activity;sid:84561170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698062)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698062/; classtype:trojan-activity;sid:84561162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698059)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698059/; classtype:trojan-activity;sid:84561159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698057)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698057/; 
classtype:trojan-activity;sid:84561157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698058)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698058/; classtype:trojan-activity;sid:84561158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697910)"; flow:established,from_client; content:"GET"; http_method; content:"/zddtxxyxb.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697910/; classtype:trojan-activity;sid:84561010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697909)"; flow:established,from_client; content:"GET"; http_method; content:"/i24.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697909/; classtype:trojan-activity;sid:84561009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697908)"; flow:established,from_client; content:"GET"; http_method; content:"/husk.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697908/; classtype:trojan-activity;sid:84561008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697907)"; flow:established,from_client; content:"GET"; http_method; content:"/eznoted2b1405e.zip"; http_uri; depth:19; 
isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697907/; classtype:trojan-activity;sid:84561007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697870)"; flow:established,from_client; content:"GET"; http_method; content:"/husk.py"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697870/; classtype:trojan-activity;sid:84560970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697816)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697816/; classtype:trojan-activity;sid:84560916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697809)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.158.34.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697809/; classtype:trojan-activity;sid:84560909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697791)"; flow:established,from_client; content:"GET"; http_method; content:"/tran.dsp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.jozefinskiatelje.si"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697791/; classtype:trojan-activity;sid:84560891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3697789)"; flow:established,from_client; content:"GET"; http_method; content:"/aibkp63.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.jozefinskiatelje.si"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697789/; classtype:trojan-activity;sid:84560889; rev:1;)
# NOTE(review): `|3f|` in the next rule is the hex escape for one byte ("?"), so the URI pattern is
# 46 bytes long while depth is 49 (the length of the escaped text). The URI match is therefore not
# anchored exactly at offset 0: up to 3 leading bytes still satisfy depth, and only the end of the
# URI is pinned by isdataat:!1,relative.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697097)"; flow:established,from_client; content:"GET"; http_method; content:"/stb/retev.php|3f|bl=qtuvl0pcseglafunszpre008.txt"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"vcc-library.uk"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697097/; classtype:trojan-activity;sid:84560197; rev:1;)
# NOTE(review): `alert http` rules inspect parsed HTTP requests only. The host in the next rule
# (gist.githubusercontent.com) is presumably reached over HTTPS in practice, in which case the sensor
# sees this request only if the client used cleartext HTTP or the traffic is decrypted upstream.
# TODO confirm TLS-inspection coverage, or complement this sid with proxy-log or endpoint detection.
# The host is a shared content platform, so the full-URI match is what keeps the rule specific;
# do not reduce it to a host-only match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696992)"; flow:established,from_client; content:"GET"; http_method; content:"/a1l4m/2e771fb306028fabfc8e098427181f78/raw/37f3db6b29d64f1045fb60967d6297f525ddf443/iamthedanger.txt"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"gist.githubusercontent.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696992/; classtype:trojan-activity;sid:84560092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696570)"; flow:established,from_client; content:"GET"; http_method; content:"/chromeupdate.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"38.38.251.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696570/; classtype:trojan-activity;sid:84559670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696375)"; flow:established,from_client; content:"GET"; 
http_method; content:"/content/plugins/fr3.lim"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"nelees.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696375/; classtype:trojan-activity;sid:84559475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696132)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696132/; classtype:trojan-activity;sid:84559232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696133)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696133/; classtype:trojan-activity;sid:84559233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696129)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696129/; classtype:trojan-activity;sid:84559229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696114)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696114/; 
classtype:trojan-activity;sid:84559214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696096)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696096/; classtype:trojan-activity;sid:84559196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696092)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"59.7.236.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696092/; classtype:trojan-activity;sid:84559192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696086)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696086/; classtype:trojan-activity;sid:84559186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696082)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696082/; classtype:trojan-activity;sid:84559182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696066)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; 
isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696066/; classtype:trojan-activity;sid:84559166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696043)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"144.2.111.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696043/; classtype:trojan-activity;sid:84559143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696026)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696026/; classtype:trojan-activity;sid:84559126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696003)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696003/; classtype:trojan-activity;sid:84559103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696004)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696004/; classtype:trojan-activity;sid:84559104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3695955)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.94.199.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695955/; classtype:trojan-activity;sid:84559055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695952)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695952/; classtype:trojan-activity;sid:84559052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695948)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695948/; classtype:trojan-activity;sid:84559048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695937)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695937/; classtype:trojan-activity;sid:84559037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695923)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695923/; classtype:trojan-activity;sid:84559023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695920)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.94.199.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695920/; classtype:trojan-activity;sid:84559020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695898)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695898/; classtype:trojan-activity;sid:84558998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695884)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.94.199.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695884/; classtype:trojan-activity;sid:84558984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695869)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695869/; classtype:trojan-activity;sid:84558969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695875)"; flow:established,from_client; 
content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.94.199.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695875/; classtype:trojan-activity;sid:84558975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695868)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.91.141.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695868/; classtype:trojan-activity;sid:84558968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695854)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695854/; classtype:trojan-activity;sid:84558954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695840)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.96.33.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695840/; classtype:trojan-activity;sid:84558940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695827)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695827/; 
classtype:trojan-activity;sid:84558927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695830)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695830/; classtype:trojan-activity;sid:84558930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695119)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.242.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695119/; classtype:trojan-activity;sid:84558219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.227.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695114/; classtype:trojan-activity;sid:84558214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695079)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"108.176.149.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695079/; classtype:trojan-activity;sid:84558179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695080)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; 
content:"88.86.246.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695080/; classtype:trojan-activity;sid:84558180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694767)"; flow:established,from_client; content:"GET"; http_method; content:"/clipaid-pro.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"clipaid.app"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694767/; classtype:trojan-activity;sid:84557867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693496)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"36.92.110.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693496/; classtype:trojan-activity;sid:84556596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693493)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"108.176.149.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693493/; classtype:trojan-activity;sid:84556593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691906)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"108.176.149.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691906/; classtype:trojan-activity;sid:84555006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3691444)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.149.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691444/; classtype:trojan-activity;sid:84554544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691320)"; flow:established,from_client; content:"GET"; http_method; content:"/5"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691320/; classtype:trojan-activity;sid:84554420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691195)"; flow:established,from_client; content:"GET"; http_method; content:"/4"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691195/; classtype:trojan-activity;sid:84554295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.150.45.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690476/; classtype:trojan-activity;sid:84553576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.45.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690469/; 
classtype:trojan-activity;sid:84553569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689713)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.149.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689713/; classtype:trojan-activity;sid:84552813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689700)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.197.62.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689700/; classtype:trojan-activity;sid:84552800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688941)"; flow:established,from_client; content:"GET"; http_method; content:"/limi/abounding_proposal.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"tajalrayhan.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688941/; classtype:trojan-activity;sid:84552041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688692)"; flow:established,from_client; content:"GET"; http_method; content:"/xmr.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688692/; classtype:trojan-activity;sid:84551792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688690)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; 
isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688690/; classtype:trojan-activity;sid:84551790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688658)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688658/; classtype:trojan-activity;sid:84551758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688659)"; flow:established,from_client; content:"GET"; http_method; content:"/32.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688659/; classtype:trojan-activity;sid:84551759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688660)"; flow:established,from_client; content:"GET"; http_method; content:"/2"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688660/; classtype:trojan-activity;sid:84551760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.247.202.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688125/; classtype:trojan-activity;sid:84551225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3687916)"; flow:established,from_client; content:"GET"; http_method; content:"/y6m2uw0dgi.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"filerit.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3687916/; classtype:trojan-activity;sid:84551016; rev:1;)
# How these rules match: each one fires on an outbound GET whose http_uri and http_host
# both equal the listed strings. depth:<pattern length> pins the pattern to the start of
# the buffer and isdataat:!1,relative requires that nothing follows it. The nocase
# modifier belongs to the URI content that precedes it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687914)"; flow:established,from_client; content:"GET"; http_method; content:"/4aa9fqc792.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pub-bfc34934a91a4893817098f73415917a.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3687914/; classtype:trojan-activity;sid:84551014; rev:1;)
# NOTE(review): raw.githubusercontent.com is normally reached over HTTPS. An `alert http`
# rule only sees this request where the sensor inspects plaintext or decrypted HTTP
# (e.g. behind a TLS-inspecting proxy). Elsewhere, cover this URL from proxy or endpoint
# telemetry instead of relying on this signature.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687753)"; flow:established,from_client; content:"GET"; http_method; content:"/zibll001/ffff/refs/heads/main/web.sh"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3687753/; classtype:trojan-activity;sid:84550853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685141)"; flow:established,from_client; content:"GET"; http_method; content:"/var/albums/etkinlikler/toplanti/2013/soran.jpg.jpeg"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"galeri3.arkitera.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685141/; classtype:trojan-activity;sid:84548241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; 
nocase; content:"116.90.122.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684907/; classtype:trojan-activity;sid:84548007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684806)"; flow:established,from_client; content:"GET"; http_method; content:"/zoom/windows/download.php"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"khoancatbetong89.vn"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684806/; classtype:trojan-activity;sid:84547906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684474)"; flow:established,from_client; content:"GET"; http_method; content:"/cs4.7-cn/third-party/winvnc.x64.dll"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"120.48.25.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684474/; classtype:trojan-activity;sid:84547574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684473)"; flow:established,from_client; content:"GET"; http_method; content:"/cs4.7-cn/third-party/winvnc.x86.dll"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"120.48.25.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684473/; classtype:trojan-activity;sid:84547573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684468)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm5"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, 
urlhaus.abuse.ch/url/3684468/; classtype:trojan-activity;sid:84547568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684465)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.mpsl"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684465/; classtype:trojan-activity;sid:84547565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684466)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm6"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684466/; classtype:trojan-activity;sid:84547566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684467)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.x86_64"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684467/; classtype:trojan-activity;sid:84547567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684462)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/debug"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684462/; classtype:trojan-activity;sid:84547562; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684463)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.mips"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684463/; classtype:trojan-activity;sid:84547563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684464)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.sh4"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684464/; classtype:trojan-activity;sid:84547564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684457)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.m68k"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684457/; classtype:trojan-activity;sid:84547557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684458)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684458/; classtype:trojan-activity;sid:84547558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3684459)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.spc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684459/; classtype:trojan-activity;sid:84547559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684460)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684460/; classtype:trojan-activity;sid:84547560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684461)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.ppc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684461/; classtype:trojan-activity;sid:84547561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684454)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.i686"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684454/; classtype:trojan-activity;sid:84547554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684455)"; 
flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm7"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684455/; classtype:trojan-activity;sid:84547555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684456)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.x86"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684456/; classtype:trojan-activity;sid:84547556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684360)"; flow:established,from_client; content:"GET"; http_method; content:"/898xylbd/139assicc.dll"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"192.140.182.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684360/; classtype:trojan-activity;sid:84547460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684352)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684352/; classtype:trojan-activity;sid:84547452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684353)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; 
content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684353/; classtype:trojan-activity;sid:84547453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684354)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684354/; classtype:trojan-activity;sid:84547454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684347)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684347/; classtype:trojan-activity;sid:84547447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684348)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684348/; classtype:trojan-activity;sid:84547448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684349)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684349/; classtype:trojan-activity;sid:84547449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3684350)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684350/; classtype:trojan-activity;sid:84547450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684351)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684351/; classtype:trojan-activity;sid:84547451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684345)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684345/; classtype:trojan-activity;sid:84547445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.175.42.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683975/; classtype:trojan-activity;sid:84547075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683958)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.92.235.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2025_10_22; reference:url, urlhaus.abuse.ch/url/3683958/; classtype:trojan-activity;sid:84547058; rev:1;)
# How these rules match: each one fires on an outbound GET whose http_uri and http_host
# both equal the listed strings. depth:<pattern length> pins the pattern to the start of
# the buffer and isdataat:!1,relative requires that nothing follows it. The nocase
# modifier belongs to the URI content that precedes it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683956)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.92.235.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683956/; classtype:trojan-activity;sid:84547056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683723)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/debug"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683723/; classtype:trojan-activity;sid:84546823; rev:1;)
# NOTE(review): github.com release downloads are normally served over HTTPS, so this
# `alert http` rule only fires where the sensor inspects plaintext or decrypted HTTP
# (e.g. behind a TLS-inspecting proxy). Elsewhere, cover this URL from proxy or endpoint
# telemetry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683567)"; flow:established,from_client; content:"GET"; http_method; content:"/onastroll-2000f5n/5vcye/releases/download/v1.2/launcher.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683567/; classtype:trojan-activity;sid:84546667; rev:1;)
# NOTE(review): in the next two rules (sid 84546353 and 84546354) the sequence
# `|7c|26|7c|` decodes to the four literal bytes `|26|`, not to `&` (0x26). This looks
# like a query-string `&` that was hex-escaped and then had its pipes escaped again. If
# so, neither rule can match the real request; confirm against the referenced URLhaus
# entries. depth:89 is the length of the escaped text, while the decoded pattern is
# 62 bytes, so the pattern is also not pinned to offset 0 of the URI.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683253)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|h=107.173.101.114|7c|26|7c|p=10000|7c|26|7c|t=tcp|7c|26|7c|a=w64|7c|26|7c|stage=true"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"107.173.101.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683253/; classtype:trojan-activity;sid:84546353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683254)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|h=107.173.101.114|7c|26|7c|p=10000|7c|26|7c|t=tcp|7c|26|7c|a=w32|7c|26|7c|stage=true"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"107.173.101.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683254/; classtype:trojan-activity;sid:84546354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683250)"; flow:established,from_client; content:"GET"; http_method; content:"/swt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.173.101.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683250/; classtype:trojan-activity;sid:84546350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683215)"; flow:established,from_client; content:"GET"; http_method; content:"/1/items.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"43.249.192.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683215/; classtype:trojan-activity;sid:84545416; rev:1;)
# NOTE(review): the next two rules (sid 84545416 and 84545417) have identical match
# options and differ only in URLhaus id and sid, so one matching request raises two
# alerts. Presumably the two URLhaus entries differ in scheme or port, which these rules
# do not encode - confirm, and de-duplicate on (host, URI) when triaging.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682316)"; flow:established,from_client; content:"GET"; http_method; content:"/wheatw.pfm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"tehnomag.rs"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682316/; classtype:trojan-activity;sid:84545416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682317)"; flow:established,from_client; content:"GET"; http_method; content:"/wheatw.pfm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"tehnomag.rs"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682317/; classtype:trojan-activity;sid:84545417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681048)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"143.92.43.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681048/; classtype:trojan-activity;sid:84544148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681051)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.198.233.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681051/; classtype:trojan-activity;sid:84544151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681011)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"149.210.37.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681011/; classtype:trojan-activity;sid:84544111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680322)"; flow:established,from_client; content:"GET"; http_method; content:"/new/x64-setup.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"tapestryoftruth.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680322/; 
classtype:trojan-activity;sid:84543422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679158)"; flow:established,from_client; content:"GET"; http_method; content:"/notepad.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"bmh-global.myfirewall.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679158/; classtype:trojan-activity;sid:84542258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679148)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpoint.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"igw.myfirewall.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679148/; classtype:trojan-activity;sid:84542248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678940)"; flow:established,from_client; content:"GET"; http_method; content:"/prefiction.mp4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.sgeseducation.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678940/; classtype:trojan-activity;sid:84542040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"50.43.160.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678923/; classtype:trojan-activity;sid:84542023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678912)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; 
depth:5; isdataat:!1,relative; nocase; content:"120.157.145.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678912/; classtype:trojan-activity;sid:84542012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678230)"; flow:established,from_client; content:"GET"; http_method; content:"/realtek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678230/; classtype:trojan-activity;sid:84541330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678227)"; flow:established,from_client; content:"GET"; http_method; content:"/pulse"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678227/; classtype:trojan-activity;sid:84541327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678228)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678228/; classtype:trojan-activity;sid:84541328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678213)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678213/; classtype:trojan-activity;sid:84541313; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678214/; classtype:trojan-activity;sid:84541314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678215)"; flow:established,from_client; content:"GET"; http_method; content:"/hnap"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678215/; classtype:trojan-activity;sid:84541315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678216)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678216/; classtype:trojan-activity;sid:84541316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678217)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678217/; classtype:trojan-activity;sid:84541317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678218)"; flow:established,from_client; content:"GET"; http_method; content:"/aws"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; 
metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678218/; classtype:trojan-activity;sid:84541318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678219)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678219/; classtype:trojan-activity;sid:84541319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678220)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678220/; classtype:trojan-activity;sid:84541320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678221)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon443"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678221/; classtype:trojan-activity;sid:84541321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678222)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678222/; classtype:trojan-activity;sid:84541322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678223)"; 
flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678223/; classtype:trojan-activity;sid:84541323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678224)"; flow:established,from_client; content:"GET"; http_method; content:"/aws"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678224/; classtype:trojan-activity;sid:84541324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678225)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678225/; classtype:trojan-activity;sid:84541325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678208)"; flow:established,from_client; content:"GET"; http_method; content:"/lg"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678208/; classtype:trojan-activity;sid:84541308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678209)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, 
urlhaus.abuse.ch/url/3678209/; classtype:trojan-activity;sid:84541309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678210/; classtype:trojan-activity;sid:84541310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678211)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678211/; classtype:trojan-activity;sid:84541311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678212)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678212/; classtype:trojan-activity;sid:84541312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678204)"; flow:established,from_client; content:"GET"; http_method; content:"/huawei"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678204/; classtype:trojan-activity;sid:84541304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678206)"; flow:established,from_client; content:"GET"; http_method; content:"/zte"; 
http_uri; depth:4; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678206/; classtype:trojan-activity;sid:84541306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678207)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678207/; classtype:trojan-activity;sid:84541307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678197)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678197/; classtype:trojan-activity;sid:84541297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678198)"; flow:established,from_client; content:"GET"; http_method; content:"/thinkphp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678198/; classtype:trojan-activity;sid:84541298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678199)"; flow:established,from_client; content:"GET"; http_method; content:"/realtek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678199/; classtype:trojan-activity;sid:84541299; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678200)"; flow:established,from_client; content:"GET"; http_method; content:"/thinkphp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678200/; classtype:trojan-activity;sid:84541300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678201)"; flow:established,from_client; content:"GET"; http_method; content:"/zte"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678201/; classtype:trojan-activity;sid:84541301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678203)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678203/; classtype:trojan-activity;sid:84541303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678193)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678193/; classtype:trojan-activity;sid:84541293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678194)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"64.91.237.162"; 
http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678194/; classtype:trojan-activity;sid:84541294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678195)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678195/; classtype:trojan-activity;sid:84541295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678196)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678196/; classtype:trojan-activity;sid:84541296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678190)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678190/; classtype:trojan-activity;sid:84541290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678191)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678191/; classtype:trojan-activity;sid:84541291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3678192)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678192/; classtype:trojan-activity;sid:84541292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678188)"; flow:established,from_client; content:"GET"; http_method; content:"/lg"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678188/; classtype:trojan-activity;sid:84541288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678189)"; flow:established,from_client; content:"GET"; http_method; content:"/huawei"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678189/; classtype:trojan-activity;sid:84541289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678177)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678177/; classtype:trojan-activity;sid:84541277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678178)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 
2025_10_14; reference:url, urlhaus.abuse.ch/url/3678178/; classtype:trojan-activity;sid:84541278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678179)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678179/; classtype:trojan-activity;sid:84541279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678181)"; flow:established,from_client; content:"GET"; http_method; content:"/pulse"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678181/; classtype:trojan-activity;sid:84541281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678182)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678182/; classtype:trojan-activity;sid:84541282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678183)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678183/; classtype:trojan-activity;sid:84541283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678184)"; flow:established,from_client; content:"GET"; 
http_method; content:"/hnap"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678184/; classtype:trojan-activity;sid:84541284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678185)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678185/; classtype:trojan-activity;sid:84541285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678186)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678186/; classtype:trojan-activity;sid:84541286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678187)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678187/; classtype:trojan-activity;sid:84541287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678176)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678176/; 
classtype:trojan-activity;sid:84541276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678175)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678175/; classtype:trojan-activity;sid:84541275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678167)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678167/; classtype:trojan-activity;sid:84541267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678168)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678168/; classtype:trojan-activity;sid:84541268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678169)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678169/; classtype:trojan-activity;sid:84541269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678170)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel"; http_uri; depth:6; 
isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678170/; classtype:trojan-activity;sid:84541270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678171)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678171/; classtype:trojan-activity;sid:84541271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678172)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678172/; classtype:trojan-activity;sid:84541272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678173)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon443"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678173/; classtype:trojan-activity;sid:84541273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678006)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.153.93.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678006/; classtype:trojan-activity;sid:84541106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3677999)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.25.123.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677999/; classtype:trojan-activity;sid:84541099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677521/; classtype:trojan-activity;sid:84540621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669896)"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/wp-content/build.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"serasoo.direct.quickconnect.to"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669896/; classtype:trojan-activity;sid:84532996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668654)"; flow:established,from_client; content:"GET"; http_method; content:"/download/gamechange.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"skillnorequired.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668654/; classtype:trojan-activity;sid:84531754; rev:1;)
# NOTE(review): the Host here is github.com and the path looks like a release
# asset of the xmrig/xmrig repository. This is an "alert http" rule, so it only
# inspects HTTP that the sensor sees in cleartext; if the download is fetched
# over HTTPS, the rule needs TLS inspection in front of the sensor to fire.
# A miner release archive can also be downloaded deliberately, so triage a hit
# against local policy and the referenced URLhaus entry rather than assuming
# an infection.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668647)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.24.0/xmrig-6.24.0-windows-x64.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668647/; classtype:trojan-activity;sid:84531747; rev:1;)
# The Host value below has the shape of an ISP reverse-DNS name with an address
# embedded in it; presumably an end-user or leased address, so the indicator
# can go stale when the address changes hands. Check created_at (2025_10_11)
# before acting on a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668586)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"apn-87-251-249-41.static.gprs.plus.pl"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668586/; classtype:trojan-activity;sid:84531686; rev:1;)
# The entries from here on share one host (103.252.89.75) and one directory and
# differ only in the file-name suffix (arm6, mpsl, arm, ...); there is one rule
# per file, so a suffix that is not listed is not matched.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668179)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm6"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668179/; classtype:trojan-activity;sid:84531279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668174)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.mpsl"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668174/; classtype:trojan-activity;sid:84531274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668175)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668175/; classtype:trojan-activity;sid:84531275; rev:1;)
# --- Host 103.252.89.75: the twelve complete rules below cover eleven "labello.<arch>" files in one directory, plus /1.sh. ---
# How each rule matches: an HTTP GET from $HOME_NET whose http_uri content starts at offset 0 (depth equals the
# content length) and ends right after it (isdataat:!1,relative), i.e. the URI must equal the string (nocase applies
# to the URI content); the http_host content is pinned the same way.
# Coverage limits: cleartext HTTP only; a request carrying a query string, a renamed file or a different Host value would not match.
# NOTE(review): one file per CPU architecture (arm5/arm7/mips/ppc/sh4/...) suggests a multi-architecture Linux payload set;
# this is inferred from the file names only, so confirm on the referenced URLhaus entries.
# Triage: an alert shows that an internal client requested the URL. Check the HTTP/flow record for a successful response
# before treating the client as compromised, and search proxy/DNS logs for other requests to the same host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668167)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.i686"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668167/; classtype:trojan-activity;sid:84531267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668168)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm7"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668168/; classtype:trojan-activity;sid:84531268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668169)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.m68k"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668169/; classtype:trojan-activity;sid:84531269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668154)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm5"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668154/; classtype:trojan-activity;sid:84531254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668155)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.x86_64"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668155/; classtype:trojan-activity;sid:84531255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668157)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.spc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668157/; classtype:trojan-activity;sid:84531257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668158)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.sh4"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668158/; classtype:trojan-activity;sid:84531258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668139)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.x86"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668139/; classtype:trojan-activity;sid:84531239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668142)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668142/; classtype:trojan-activity;sid:84531242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668130)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.ppc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668130/; classtype:trojan-activity;sid:84531230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668131)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.mips"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668131/; classtype:trojan-activity;sid:84531231; rev:1;)
# Same host, shell script at the web root; listed one day earlier (created_at 2025_10_10) than the labello entries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667750)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667750/; classtype:trojan-activity;sid:84530850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware
download URL detected (3667591)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667591/; classtype:trojan-activity;sid:84530691; rev:1;)
# --- Host 132.red-81-42-249.staticip.rima-tde.net: .scr downloads (sid 84530691 above belongs to this group). ---
# The http_host content is pinned to this exact hostname (depth:39 plus isdataat:!1,relative), so the same file
# requested by IP address or under another name would not match.
# .scr is the Windows screensaver extension, an executable file type. NOTE(review): the photo/video/av names look
# like lures; this is inferred from the names only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667586)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667586/; classtype:trojan-activity;sid:84530686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667588)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667588/; classtype:trojan-activity;sid:84530688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667585)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667585/; classtype:trojan-activity;sid:84530685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667584)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667584/; classtype:trojan-activity;sid:84530684; rev:1;)
# --- Host 177.70.102.232: /tmpftp/01/<folder>/<date>/info.zip ---
# NOTE(review): these URI contents hold literal percent-escapes (%c3%a7%c3%a3) and depth:49 counts the escaped length.
# http_uri is the normalized URI buffer, which per the Suricata documentation holds the percent-decoded form, so these
# rules may never match as written. Confirm with a pcap replay; matching on http_raw_uri, or on the decoded bytes
# (|c3 a7 c3 a3|) with a correspondingly shorter depth, are the usual alternatives.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666829)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-03-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3666829/; classtype:trojan-activity;sid:84529929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666133)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-09-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666133/; classtype:trojan-activity;sid:84529233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666131)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666131/; classtype:trojan-activity;sid:84529231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-10-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14;
isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666130/; classtype:trojan-activity;sid:84529230; rev:1;)
# --- Host 177.70.102.232: /tmpftp/01/recep%c3%a7%c3%a3o/<date>/info.zip; the rules in this group differ only in <date>. ---
# The <date> folders span several years while every entry carries created_at 2025_10_09: the folder name is part of
# the path, not the date the URL was reported.
# NOTE(review): the content is the percent-escaped path and depth:49 is its escaped length. http_uri is the normalized
# (percent-decoded, per the Suricata documentation) buffer, so these rules may not match as written. Verify against a
# pcap; http_raw_uri or the decoded bytes |c3 a7 c3 a3| with an adjusted depth would be the alternatives.
# A dated folder that is not listed here is not covered; alerting on the host itself needs a separate local rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-09-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666129/; classtype:trojan-activity;sid:84529229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-06-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666128/; classtype:trojan-activity;sid:84529228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666127)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-11-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666127/; classtype:trojan-activity;sid:84529227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-04-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666123/; classtype:trojan-activity;sid:84529223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-11-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666124/; classtype:trojan-activity;sid:84529224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-04-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666125/; classtype:trojan-activity;sid:84529225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666126)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-05-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666126/; classtype:trojan-activity;sid:84529226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666121)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-04-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666121/; classtype:trojan-activity;sid:84529221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666122)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-09-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666122/; classtype:trojan-activity;sid:84529222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-09-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666120/; classtype:trojan-activity;sid:84529220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666118/; classtype:trojan-activity;sid:84529218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-01-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666119/; classtype:trojan-activity;sid:84529219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666113)"; flow:established,from_client; content:"GET"; http_method;
content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-05-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666113/; classtype:trojan-activity;sid:84529213; rev:1;)
# --- Host 177.70.102.232: /tmpftp/01/<folder>/<date>/info.zip, continued. ---
# Each rule is an exact match on one URL: depth equals the content length and isdataat:!1,relative requires the
# buffer to end there, for both the http_uri and the http_host content.
# NOTE(review): the folder names are written with literal percent-escapes and the depth values (49, and 53 for the
# "inutiliza..." folder) count the escaped length. Against the normalized http_uri buffer, which is percent-decoded
# per the Suricata documentation, these may not match. Verify with a pcap and consider http_raw_uri.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-04-01/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666114/; classtype:trojan-activity;sid:84529214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666116)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-11-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666116/; classtype:trojan-activity;sid:84529216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-10-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666117/; classtype:trojan-activity;sid:84529217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666110)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-05-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666110/; classtype:trojan-activity;sid:84529210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-11-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666111/; classtype:trojan-activity;sid:84529211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-05-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666112/; classtype:trojan-activity;sid:84529212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-07-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666105/; classtype:trojan-activity;sid:84529205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-03-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666106/; classtype:trojan-activity;sid:84529206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-01-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666107/; classtype:trojan-activity;sid:84529207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-07-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666108/; classtype:trojan-activity;sid:84529208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666109)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-09-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666109/; classtype:trojan-activity;sid:84529209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666101)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-02-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666101/; classtype:trojan-activity;sid:84529201; rev:1;)
alert http
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666102)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-06-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666102/; classtype:trojan-activity;sid:84529202; rev:1;)
# --- /tmpftp/01/<folder>/<date>/info.zip on 177.70.102.232, with two entries (sid 84529195, sid 84529191) on the neighbouring address 177.70.102.228. ---
# The http_host content is an exact match, so each rule covers only the address it names; the same path on the other
# address is a separate entry.
# NOTE(review): the "consulta" rule above has a plain-ASCII path and is unaffected, but the rules below carry literal
# percent-escapes (%c3%a7%c3%a3) with depth:49 counting the escaped form. http_uri is the normalized buffer, which is
# percent-decoded per the Suricata documentation, so those may not match as written. Verify with a pcap;
# http_raw_uri is the usual alternative.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666103)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-04-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666103/; classtype:trojan-activity;sid:84529203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666104/; classtype:trojan-activity;sid:84529204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666095/; classtype:trojan-activity;sid:84529195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666096)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-02-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666096/; classtype:trojan-activity;sid:84529196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-09-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666098/; classtype:trojan-activity;sid:84529198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-09-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666099/; classtype:trojan-activity;sid:84529199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-04-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666092/; classtype:trojan-activity;sid:84529192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-10-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666094/; classtype:trojan-activity;sid:84529194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666090/; classtype:trojan-activity;sid:84529190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666091/; classtype:trojan-activity;sid:84529191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-01-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666089/; classtype:trojan-activity;sid:84529189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase;
content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666084/; classtype:trojan-activity;sid:84529184; rev:1;)
# --- Host 177.70.102.232: /tmpftp/01/<folder>/<date>/info.zip, continued ("recep..." and "consulta" folders). ---
# All rules are exact URL matches on cleartext HTTP GET requests; nothing here covers the same host over TLS or a
# dated folder that is not listed.
# NOTE(review): the "consulta" paths (depth:39) are plain ASCII. The "recep%c3%a7%c3%a3o" paths hold literal
# percent-escapes and depth:49 counts the escaped length; because http_uri is the normalized (percent-decoded, per
# the Suricata documentation) buffer, those rules may not match as written. Verify with a pcap; http_raw_uri or the
# decoded bytes |c3 a7 c3 a3| with an adjusted depth are the alternatives.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666081)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666081/; classtype:trojan-activity;sid:84529181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666082/; classtype:trojan-activity;sid:84529182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-04-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666083/; classtype:trojan-activity;sid:84529183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666069)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-04-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666069/; classtype:trojan-activity;sid:84529169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-11-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666070/; classtype:trojan-activity;sid:84529170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-05-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666071/; classtype:trojan-activity;sid:84529171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666073)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-07-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666073/; classtype:trojan-activity;sid:84529173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666075)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666075/; classtype:trojan-activity;sid:84529175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-12-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666076/; classtype:trojan-activity;sid:84529176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-11-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666080/; classtype:trojan-activity;sid:84529180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666066)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-06-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666066/; classtype:trojan-activity;sid:84529166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-12-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666065/; classtype:trojan-activity;sid:84529165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666063)"; flow:established,from_client;
content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-12-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666063/; classtype:trojan-activity;sid:84529163; rev:1;)
# --- Host 177.70.102.232: /tmpftp/01/<folder>/<date>/info.zip, continued ("carta de corre...", "recep..." and "cancelamento" folders). ---
# NOTE(review): the "carta%20de%20corre%c3%a7%c3%a3o" contents escape both the spaces (%20) and the non-ASCII bytes,
# and depth:62 counts that escaped form; the "recep%c3%a7%c3%a3o" contents (depth:49) escape the non-ASCII bytes.
# http_uri is the normalized buffer, where per the Suricata documentation %20 becomes a space and the other escapes
# are decoded, so these rules may not match as written. Verify with a pcap; http_raw_uri, or the decoded form with
# hex bytes (|c3 a7 c3 a3|) and an adjusted depth, are the alternatives.
# The "cancelamento" paths (depth:43) are plain ASCII and are not affected by that concern.
# Triage: an alert records the request only; confirm in HTTP/flow logs whether info.zip was actually returned.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666062)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666062/; classtype:trojan-activity;sid:84529162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666061/; classtype:trojan-activity;sid:84529161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666060/; classtype:trojan-activity;sid:84529160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666059)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-09-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666059/; classtype:trojan-activity;sid:84529159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-03-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666058/; classtype:trojan-activity;sid:84529158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666057)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-10-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666057/; classtype:trojan-activity;sid:84529157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-01-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666056/; classtype:trojan-activity;sid:84529156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666053)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-05-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666053/; classtype:trojan-activity;sid:84529153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-10/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666055/; classtype:trojan-activity;sid:84529155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-07-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666048/; classtype:trojan-activity;sid:84529148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666049/; classtype:trojan-activity;sid:84529149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-02-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666050/; classtype:trojan-activity;sid:84529150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-11-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666051/; classtype:trojan-activity;sid:84529151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666052)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-04-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666052/; classtype:trojan-activity;sid:84529152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666042/; classtype:trojan-activity;sid:84529142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666043)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url,
urlhaus.abuse.ch/url/3666043/; classtype:trojan-activity;sid:84529143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-09-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666044/; classtype:trojan-activity;sid:84529144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666045)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-09-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666045/; classtype:trojan-activity;sid:84529145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666046)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-12-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666046/; classtype:trojan-activity;sid:84529146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666047/; classtype:trojan-activity;sid:84529147; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-08-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666038/; classtype:trojan-activity;sid:84529138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666039)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-09-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666039/; classtype:trojan-activity;sid:84529139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666041/; classtype:trojan-activity;sid:84529141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666036/; classtype:trojan-activity;sid:84529136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3666037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666037/; classtype:trojan-activity;sid:84529137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666033)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666033/; classtype:trojan-activity;sid:84529133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-12-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666034/; classtype:trojan-activity;sid:84529134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666035)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666035/; classtype:trojan-activity;sid:84529135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666032)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-07-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666032/; classtype:trojan-activity;sid:84529132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666028/; classtype:trojan-activity;sid:84529128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-01-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666029/; classtype:trojan-activity;sid:84529129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666030/; classtype:trojan-activity;sid:84529130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666031)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-03-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; 
content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666031/; classtype:trojan-activity;sid:84529131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-03-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666027/; classtype:trojan-activity;sid:84529127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-12-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666026/; classtype:trojan-activity;sid:84529126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666020/; classtype:trojan-activity;sid:84529120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, 
urlhaus.abuse.ch/url/3666021/; classtype:trojan-activity;sid:84529121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666022/; classtype:trojan-activity;sid:84529122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666023/; classtype:trojan-activity;sid:84529123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666024)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666024/; classtype:trojan-activity;sid:84529124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-01-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666025/; classtype:trojan-activity;sid:84529125; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666018)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-03-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666018/; classtype:trojan-activity;sid:84529118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666019)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-12-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666019/; classtype:trojan-activity;sid:84529119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666015/; classtype:trojan-activity;sid:84529115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666017/; classtype:trojan-activity;sid:84529117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666014)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666014/; classtype:trojan-activity;sid:84529114; rev:1;)
# One more /tmpftp/01/ rule for host 177.70.102.232.
# NOTE(review): its pattern keeps %c3%a7%c3%a3 as literal text, but Suricata's
# http_uri is the normalized URI buffer where %XX escapes are decoded, so the
# rule may never match; confirm with a replayed request (http_raw_uri or
# |c3 a7 c3 a3| with depth recomputed are the usual alternatives).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-03-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666013/; classtype:trojan-activity;sid:84529113; rev:1;)
# URLhaus signatures for short root-level file names (/av.scr, /av.lnk,
# /video.scr, /video.lnk, /photo.scr, /photo.lnk, /info.zip) requested from
# hosts addressed by bare IP. Each rule alerts on a client-to-server GET in
# traffic parsed as HTTP when URI and Host both match in full (depth equals the
# pattern length, isdataat:!1,relative rejects trailing bytes; URI is nocase).
# The URI names are generic, so all specificity comes from the http_host match:
# a request that reaches the same server under a DNS name, or the same file name
# on an address not listed, is not covered by these rules.
# Only request fields are matched; an alert shows the URL was requested, not
# that a payload was returned. reference: names the URLhaus entry to check for
# the indicator's current status (all rules here carry created_at 2025_10_09).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665807)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.227.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665807/; classtype:trojan-activity;sid:84528907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665801)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.79.192.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665801/; classtype:trojan-activity;sid:84528901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665802)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665802/; classtype:trojan-activity;sid:84528902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665799)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.185.193.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665799/; classtype:trojan-activity;sid:84528899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665767)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.227.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665767/; classtype:trojan-activity;sid:84528867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665758)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.138.28.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665758/; classtype:trojan-activity;sid:84528858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665760)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.91.88.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665760/; classtype:trojan-activity;sid:84528860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665747)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.53.15.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665747/; classtype:trojan-activity;sid:84528847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665715)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"126.23.203.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665715/; classtype:trojan-activity;sid:84528815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665712)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"130.185.193.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665712/; classtype:trojan-activity;sid:84528812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665709)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.133.96.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665709/; classtype:trojan-activity;sid:84528809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665703)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.122.191.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665703/; classtype:trojan-activity;sid:84528803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665699)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.185.193.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665699/; classtype:trojan-activity;sid:84528799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665700)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.4.52.242"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665700/; classtype:trojan-activity;sid:84528800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665692)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"155.2.213.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665692/; classtype:trojan-activity;sid:84528792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665677)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.133.96.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665677/; classtype:trojan-activity;sid:84528777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665674)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"155.2.213.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665674/; classtype:trojan-activity;sid:84528774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665671)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.160.215.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665671/; classtype:trojan-activity;sid:84528771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665669)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.227.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665669/; classtype:trojan-activity;sid:84528769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665664)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665664/; classtype:trojan-activity;sid:84528764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665656)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.185.193.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665656/; classtype:trojan-activity;sid:84528756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3665646)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/chendesheng/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665646/; classtype:trojan-activity;sid:84528746; rev:1;)
# URLhaus signatures for host 106.38.32.194: the same file name, info.zip, under
# many directories (/, /qdsc/..., /attachment/..., /aspnet_client/..., others).
# Each rule alerts on a client-to-server GET in traffic parsed as HTTP when URI
# and Host both match in full: depth equals the pattern length and
# isdataat:!1,relative rejects trailing bytes, so a request with a query string
# or a different directory does not match; the URI match is nocase.
# Only request fields are matched; an alert shows the URL was requested, not
# that a payload was returned. reference: names the URLhaus entry for each URL.
# NOTE(review): coverage is one rule per catalogued directory. Whether to add a
# local rule keyed on this Host plus a URI ending in /info.zip, which would also
# cover directories not yet listed, is a sensor-policy decision; it would lose
# the one-to-one mapping between sid and URLhaus entry that these rules keep.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665643)"; flow:established,from_client; content:"GET"; http_method; content:"/attachment/trkjob/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665643/; classtype:trojan-activity;sid:84528743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665644)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665644/; classtype:trojan-activity;sid:84528744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665642)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665642/; classtype:trojan-activity;sid:84528742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665640)"; flow:established,from_client; content:"GET"; http_method; content:"/image/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665640/; classtype:trojan-activity;sid:84528740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665639)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665639/; classtype:trojan-activity;sid:84528739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665635)"; flow:established,from_client; content:"GET"; http_method; content:"/check_update_apk/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665635/; classtype:trojan-activity;sid:84528735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665636)"; flow:established,from_client; content:"GET"; http_method; content:"/test/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665636/; classtype:trojan-activity;sid:84528736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665637)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/aspnet_client/system_web/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665637/; classtype:trojan-activity;sid:84528737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665638)"; flow:established,from_client; content:"GET"; http_method; content:"/attachment/wmsentry/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665638/; classtype:trojan-activity;sid:84528738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665634)"; flow:established,from_client; content:"GET"; http_method; content:"/template/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665634/; classtype:trojan-activity;sid:84528734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665633)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665633/; classtype:trojan-activity;sid:84528733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665631)"; flow:established,from_client; content:"GET"; http_method; content:"/barcode/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665631/; classtype:trojan-activity;sid:84528731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665629)"; flow:established,from_client; content:"GET"; http_method; content:"/attachment/qdsc/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665629/; classtype:trojan-activity;sid:84528729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665630)"; flow:established,from_client; content:"GET"; http_method; content:"/cfg/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665630/; classtype:trojan-activity;sid:84528730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665628)"; flow:established,from_client; content:"GET"; http_method; content:"/attachment/customercode/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665628/; classtype:trojan-activity;sid:84528728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665626)"; flow:established,from_client; content:"GET"; http_method; content:"/toupdateapk/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665626/; classtype:trojan-activity;sid:84528726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665622)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/testappicon/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665622/; classtype:trojan-activity;sid:84528722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665621)"; flow:established,from_client; content:"GET"; http_method; content:"/attachment/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665621/; classtype:trojan-activity;sid:84528721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665619)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc-testapp-/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665619/; classtype:trojan-activity;sid:84528719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665617)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/maanbang/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665617/; classtype:trojan-activity;sid:84528717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665618)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/test/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665618/; classtype:trojan-activity;sid:84528718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665616)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/liubin/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; 
content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665616/; classtype:trojan-activity;sid:84528716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665615)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/fengzaixing/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665615/; classtype:trojan-activity;sid:84528715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665612)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665612/; classtype:trojan-activity;sid:84528712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665613)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.133.96.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665613/; classtype:trojan-activity;sid:84528713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664885)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"120.79.192.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664885/; classtype:trojan-activity;sid:84527985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3664880)"; flow:established,from_client; content:"GET"; http_method; content:"/public/photo.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"194.122.191.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664880/; classtype:trojan-activity;sid:84527980; rev:1;)
# Rule shape used throughout this feed: an outbound GET ($HOME_NET -> $EXTERNAL_NET, client side of an
# established flow) alerts when the URI content and the Host content both match. Each content carries a
# depth equal to its own length plus isdataat:!1,relative, so it is intended as a whole-buffer match: a
# request to the same host with a different path or an added query string does not alert.
# The number in msg, the reference URL and the sid all identify the same URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662908)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"143.92.43.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662908/; classtype:trojan-activity;sid:84526008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.160.26.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662879/; classtype:trojan-activity;sid:84525979; rev:1;)
# NOTE(review): the host here is a shared code-hosting domain, so the URI match is what makes this rule
# specific. An `alert http` rule only sees requests the sensor can parse as HTTP; if clients reach this
# host over TLS (presumably always - confirm), the rule stays silent unless decrypted traffic is fed to
# the sensor. Do not read the absence of alerts as absence of downloads.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662805)"; flow:established,from_client; content:"GET"; http_method; content:"/asmroyal/cd4/releases/download/cd4/cd4.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662805/; classtype:trojan-activity;sid:84525905; rev:1;)
# NOTE(review): confirm this rule against its URLhaus entry before relying on it:
#  - `|7c|26|7c|` decodes to the four literal bytes `|26|`, not to `&` (0x26). If the reported URL has
#    `&id=` at this position (likely, not verifiable from this file), the content cannot match it.
#  - depth:68 is the length of the escaped pattern text; the decoded pattern is 59 bytes, so unlike the
#    neighbouring rules the match is not pinned to the start of the URI.
#  - nocase makes the id comparison case-insensitive; if the service treats ids as case-sensitive this
#    would also alert on ids that differ only in letter case - TODO confirm.
#  - Same TLS visibility caveat as any rule keyed on a host that is normally served over HTTPS.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661435)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1afutsiefohaia02gkfjdbgn-kk91hksb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661435/; classtype:trojan-activity;sid:84524535; rev:1;)
# The rules from here on share one host (111.59.254.165) and differ only in path: an eight-digit
# directory followed by an av/photo/video file ending in .scr or .lnk. Because every rule is an exact
# URI match, a path on this host that is not listed produces no alert; covering the host as a whole
# needs a separate host-level indicator.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660738)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660738/; classtype:trojan-activity;sid:84523838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660696)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660696/; classtype:trojan-activity;sid:84523796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660688)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660688/; classtype:trojan-activity;sid:84523788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660679)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660679/; classtype:trojan-activity;sid:84523779; rev:1;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660677)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660677/; classtype:trojan-activity;sid:84523777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660676)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660676/; classtype:trojan-activity;sid:84523776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660675)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660675/; classtype:trojan-activity;sid:84523775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660674)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660674/; classtype:trojan-activity;sid:84523774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660672)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; 
content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660672/; classtype:trojan-activity;sid:84523772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660671)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660671/; classtype:trojan-activity;sid:84523771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660670)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660670/; classtype:trojan-activity;sid:84523770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660669)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660669/; classtype:trojan-activity;sid:84523769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660665)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660665/; classtype:trojan-activity;sid:84523765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3660663)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660663/; classtype:trojan-activity;sid:84523763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660660)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660660/; classtype:trojan-activity;sid:84523760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660659)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660659/; classtype:trojan-activity;sid:84523759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660657)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660657/; classtype:trojan-activity;sid:84523757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660655)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660655/; classtype:trojan-activity;sid:84523755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660656)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660656/; classtype:trojan-activity;sid:84523756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660653)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660653/; classtype:trojan-activity;sid:84523753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660647)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660647/; classtype:trojan-activity;sid:84523747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660648)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660648/; classtype:trojan-activity;sid:84523748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3660649)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660649/; classtype:trojan-activity;sid:84523749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660644)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660644/; classtype:trojan-activity;sid:84523744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660642)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660642/; classtype:trojan-activity;sid:84523742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660639)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660639/; classtype:trojan-activity;sid:84523739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660638)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660638/; classtype:trojan-activity;sid:84523738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660636)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660636/; classtype:trojan-activity;sid:84523736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660635)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660635/; classtype:trojan-activity;sid:84523735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660634)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660634/; classtype:trojan-activity;sid:84523734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660633)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660633/; classtype:trojan-activity;sid:84523733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660631)"; 
flow:established,from_client; content:"GET"; http_method; content:"/20250708/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660631/; classtype:trojan-activity;sid:84523731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660630)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660630/; classtype:trojan-activity;sid:84523730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660629)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660629/; classtype:trojan-activity;sid:84523729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660627)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660627/; classtype:trojan-activity;sid:84523727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660626)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2025_10_06; reference:url, urlhaus.abuse.ch/url/3660626/; classtype:trojan-activity;sid:84523726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660625)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660625/; classtype:trojan-activity;sid:84523725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660624)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660624/; classtype:trojan-activity;sid:84523724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660622)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660622/; classtype:trojan-activity;sid:84523722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660623)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660623/; classtype:trojan-activity;sid:84523723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660621)"; 
flow:established,from_client; content:"GET"; http_method; content:"/20250703/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660621/; classtype:trojan-activity;sid:84523721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660620)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660620/; classtype:trojan-activity;sid:84523720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660618)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660618/; classtype:trojan-activity;sid:84523718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660616)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660616/; classtype:trojan-activity;sid:84523716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660614)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; 
reference:url, urlhaus.abuse.ch/url/3660614/; classtype:trojan-activity;sid:84523714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660613)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660613/; classtype:trojan-activity;sid:84523713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660611)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660611/; classtype:trojan-activity;sid:84523711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660608)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660608/; classtype:trojan-activity;sid:84523708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660607)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660607/; classtype:trojan-activity;sid:84523707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660600)"; flow:established,from_client; 
content:"GET"; http_method; content:"/20250725/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660600/; classtype:trojan-activity;sid:84523700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660599)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660599/; classtype:trojan-activity;sid:84523699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660596)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660596/; classtype:trojan-activity;sid:84523696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660595)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660595/; classtype:trojan-activity;sid:84523695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660594)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, 
urlhaus.abuse.ch/url/3660594/; classtype:trojan-activity;sid:84523694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660592)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660592/; classtype:trojan-activity;sid:84523692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660593)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660593/; classtype:trojan-activity;sid:84523693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660591)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660591/; classtype:trojan-activity;sid:84523691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660587)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660587/; classtype:trojan-activity;sid:84523687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660588)"; flow:established,from_client; content:"GET"; 
http_method; content:"/20250615/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660588/; classtype:trojan-activity;sid:84523688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660589)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660589/; classtype:trojan-activity;sid:84523689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660583)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660583/; classtype:trojan-activity;sid:84523683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660582)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660582/; classtype:trojan-activity;sid:84523682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660579)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, 
urlhaus.abuse.ch/url/3660579/; classtype:trojan-activity;sid:84523679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660575)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660575/; classtype:trojan-activity;sid:84523675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660576)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660576/; classtype:trojan-activity;sid:84523676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660574)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660574/; classtype:trojan-activity;sid:84523674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660571)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660571/; classtype:trojan-activity;sid:84523671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660569)"; flow:established,from_client; content:"GET"; 
http_method; content:"/20250725/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660569/; classtype:trojan-activity;sid:84523669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660568)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660568/; classtype:trojan-activity;sid:84523668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660566)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660566/; classtype:trojan-activity;sid:84523666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660559)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660559/; classtype:trojan-activity;sid:84523659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660560)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, 
urlhaus.abuse.ch/url/3660560/; classtype:trojan-activity;sid:84523660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660561)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660561/; classtype:trojan-activity;sid:84523661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660558)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660558/; classtype:trojan-activity;sid:84523658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660552)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660552/; classtype:trojan-activity;sid:84523652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660553)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660553/; classtype:trojan-activity;sid:84523653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660554)"; flow:established,from_client; content:"GET"; 
http_method; content:"/20250713/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660554/; classtype:trojan-activity;sid:84523654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660555)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660555/; classtype:trojan-activity;sid:84523655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660556)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660556/; classtype:trojan-activity;sid:84523656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660536)"; flow:established,from_client; content:"GET"; http_method; content:"/pathdata/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"113.57.8.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660536/; classtype:trojan-activity;sid:84523636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660537)"; flow:established,from_client; content:"GET"; http_method; content:"/sxs/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"110.227.197.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660537/; 
classtype:trojan-activity;sid:84523637; rev:1;)
# URLhaus feed entries, one signature per reported download URL.
# Each rule alerts on a client-to-server request on an established flow, going
# from $HOME_NET to $EXTERNAL_NET, that satisfies three content checks:
#   - http_method is "GET"
#   - http_uri equals the listed path (nocase follows that content, so the
#     path comparison is case-insensitive)
#   - http_host equals the listed IP address or domain
# "Equals" is the combined effect of depth:N (N is the length of the content
# string) and isdataat:!1,relative (no byte may follow the match): the content
# has to fill the whole buffer.
# NOTE(review): because the match is exact, a request to the same host with a
# different path or an appended query string does not fire these rules, and
# neither does a download over TLS that the sensor cannot decode as http.
# Treat a hit as a high-confidence indicator and keep host/IP-level telemetry
# for the same infrastructure alongside it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660538)"; flow:established,from_client; content:"GET"; http_method; content:"/user/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"113.57.8.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660538/; classtype:trojan-activity;sid:84523638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660513)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"143.92.43.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660513/; classtype:trojan-activity;sid:84523613; rev:1;)
# The URI below is only two bytes ("/i"); the rule stays specific because the
# http_host check must match as well.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.246.178.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660487/; classtype:trojan-activity;sid:84523587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660331)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660331/; classtype:trojan-activity;sid:84523431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660329)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660329/; classtype:trojan-activity;sid:84523429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660315)"; flow:established,from_client; content:"GET"; http_method; content:"/proceso.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"158.94.209.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660315/; classtype:trojan-activity;sid:84523415; rev:1;)
# Host given as a domain name rather than an IP address. The host content has
# no nocase modifier of its own.
# NOTE(review): Suricata documents the http_host buffer as lower-cased, which
# would make the lower-case literal sufficient; confirm for the engine in use.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660290)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660290/; classtype:trojan-activity;sid:84523390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659836)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659836/; classtype:trojan-activity;sid:84522936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659835)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.51.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659835/; classtype:trojan-activity;sid:84522935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3659834)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659834/; classtype:trojan-activity;sid:84522934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659833)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659833/; classtype:trojan-activity;sid:84522933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659808)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.51.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659808/; classtype:trojan-activity;sid:84522908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659801)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.77.51.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659801/; classtype:trojan-activity;sid:84522901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659802)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"104.187.164.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 
2025_10_06; reference:url, urlhaus.abuse.ch/url/3659802/; classtype:trojan-activity;sid:84522902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659796)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.82.169.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659796/; classtype:trojan-activity;sid:84522896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659797)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.82.169.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659797/; classtype:trojan-activity;sid:84522897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659779)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659779/; classtype:trojan-activity;sid:84522879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659782)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659782/; classtype:trojan-activity;sid:84522882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659766)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/consulta/2024-12-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659766/; classtype:trojan-activity;sid:84522866; rev:1;)
# Same rule shape as the rest of the feed: GET request, exact http_uri match
# (depth equals the content length, isdataat:!1,relative forbids trailing
# bytes, nocase on the path) and exact http_host match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659722)"; flow:established,from_client; content:"GET"; http_method; content:"/proceso.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"runds.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659722/; classtype:trojan-activity;sid:84522822; rev:1;)
# The /tmpftp/manifesta... rules carry the path in percent-encoded form
# (%c3%a7 and %c3%a3 are UTF-8 byte pairs), and depth:74 is the length of that
# encoded string.
# NOTE(review): http_uri is the normalised URI buffer. If the engine
# percent-decodes these bytes during normalisation, the buffer holds the raw
# bytes and is shorter than 74, so the literal "%c3%a7" text would presumably
# never match. Validate against a test capture before relying on these sids;
# http_raw_uri is the un-normalised buffer if the encoded form is what needs
# to be matched.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2025-01-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658970/; classtype:trojan-activity;sid:84522070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2019-10-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658962/; classtype:trojan-activity;sid:84522062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2020-09-25/info.zip"; http_uri; depth:74; 
isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658957/; classtype:trojan-activity;sid:84522057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-11-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658954/; classtype:trojan-activity;sid:84522054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658903)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-07-30/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658903/; classtype:trojan-activity;sid:84522003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658778)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2023-11-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658778/; classtype:trojan-activity;sid:84521878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/info.zip"; http_uri; depth:58; isdataat:!1,relative; 
nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658670/; classtype:trojan-activity;sid:84521770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658610)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-03-10/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658610/; classtype:trojan-activity;sid:84521710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2023-03-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658568/; classtype:trojan-activity;sid:84521668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658555)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2021-07-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658555/; classtype:trojan-activity;sid:84521655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658470)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2019-11-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; 
content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658470/; classtype:trojan-activity;sid:84521570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658437)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2020-12-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658437/; classtype:trojan-activity;sid:84521537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658282)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-04-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658282/; classtype:trojan-activity;sid:84521382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658247)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-11-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658247/; classtype:trojan-activity;sid:84521347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2019-12-28/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; 
content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658173/; classtype:trojan-activity;sid:84521273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2022-04-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658159/; classtype:trojan-activity;sid:84521259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2021-10-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658106/; classtype:trojan-activity;sid:84521206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2023-12-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658091/; classtype:trojan-activity;sid:84521191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-04-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; 
content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658087/; classtype:trojan-activity;sid:84521187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-08-28/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658061/; classtype:trojan-activity;sid:84521161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656729)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656729/; classtype:trojan-activity;sid:84519829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656728)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656728/; classtype:trojan-activity;sid:84519828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656727)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656727/; classtype:trojan-activity;sid:84519827; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656726)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656726/; classtype:trojan-activity;sid:84519826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656720)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.150.82.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656720/; classtype:trojan-activity;sid:84519820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656717)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656717/; classtype:trojan-activity;sid:84519817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656718)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656718/; classtype:trojan-activity;sid:84519818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656708)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; 
depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656708/; classtype:trojan-activity;sid:84519808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656709)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656709/; classtype:trojan-activity;sid:84519809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656707)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656707/; classtype:trojan-activity;sid:84519807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656704)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656704/; classtype:trojan-activity;sid:84519804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656702)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656702/; classtype:trojan-activity;sid:84519802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656696)"; 
flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656696/; classtype:trojan-activity;sid:84519796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656693)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656693/; classtype:trojan-activity;sid:84519793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656689)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656689/; classtype:trojan-activity;sid:84519789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656692)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656692/; classtype:trojan-activity;sid:84519792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656671)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.224.70.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656671/; 
classtype:trojan-activity;sid:84519771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656672)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.149.184.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656672/; classtype:trojan-activity;sid:84519772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656674)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656674/; classtype:trojan-activity;sid:84519774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656666)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"180.76.153.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656666/; classtype:trojan-activity;sid:84519766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656667)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656667/; classtype:trojan-activity;sid:84519767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656662)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; 
content:"92.150.82.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656662/; classtype:trojan-activity;sid:84519762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656663)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656663/; classtype:trojan-activity;sid:84519763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656660)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656660/; classtype:trojan-activity;sid:84519760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656661)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656661/; classtype:trojan-activity;sid:84519761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656658)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656658/; classtype:trojan-activity;sid:84519758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3656652)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656652/; classtype:trojan-activity;sid:84519752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656648)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656648/; classtype:trojan-activity;sid:84519748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656646)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656646/; classtype:trojan-activity;sid:84519746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656639)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656639/; classtype:trojan-activity;sid:84519739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656640)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; 
reference:url, urlhaus.abuse.ch/url/3656640/; classtype:trojan-activity;sid:84519740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656634)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656634/; classtype:trojan-activity;sid:84519734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656635)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656635/; classtype:trojan-activity;sid:84519735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656636)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"68.224.70.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656636/; classtype:trojan-activity;sid:84519736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656632)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656632/; classtype:trojan-activity;sid:84519732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656627)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; 
http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656627/; classtype:trojan-activity;sid:84519727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656628)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656628/; classtype:trojan-activity;sid:84519728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656620)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.4.41.113"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656620/; classtype:trojan-activity;sid:84519720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656611)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656611/; classtype:trojan-activity;sid:84519711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656607)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656607/; classtype:trojan-activity;sid:84519707; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656608)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656608/; classtype:trojan-activity;sid:84519708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656601)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656601/; classtype:trojan-activity;sid:84519701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656602)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656602/; classtype:trojan-activity;sid:84519702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656595)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656595/; classtype:trojan-activity;sid:84519695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656581)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656581/; classtype:trojan-activity;sid:84519681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656584)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656584/; classtype:trojan-activity;sid:84519684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656577)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656577/; classtype:trojan-activity;sid:84519677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656574)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.130.209.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656574/; classtype:trojan-activity;sid:84519674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656569)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656569/; classtype:trojan-activity;sid:84519669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656566)"; flow:established,from_client; content:"GET"; 
http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"188.118.38.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656566/; classtype:trojan-activity;sid:84519666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656563)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656563/; classtype:trojan-activity;sid:84519663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656552)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656552/; classtype:trojan-activity;sid:84519652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656555)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656555/; classtype:trojan-activity;sid:84519655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; 
reference:url, urlhaus.abuse.ch/url/3656503/; classtype:trojan-activity;sid:84519603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656456)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656456/; classtype:trojan-activity;sid:84519556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656398)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656398/; classtype:trojan-activity;sid:84519498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656154)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.118.32.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656154/; classtype:trojan-activity;sid:84519254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656140)"; flow:established,from_client; content:"GET"; http_method; content:"/christian%20cg17042021%20xpanel.c3prj/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656140/; 
classtype:trojan-activity;sid:84519240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656061/; classtype:trojan-activity;sid:84519161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-26/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656060/; classtype:trojan-activity;sid:84519160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656059)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656059/; classtype:trojan-activity;sid:84519159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656058)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"181.36.153.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656058/; classtype:trojan-activity;sid:84519158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3656056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656056/; classtype:trojan-activity;sid:84519156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656057)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656057/; classtype:trojan-activity;sid:84519157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-05-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656054/; classtype:trojan-activity;sid:84519154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656051/; classtype:trojan-activity;sid:84519151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656050)"; flow:established,from_client; 
content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656050/; classtype:trojan-activity;sid:84519150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656037/; classtype:trojan-activity;sid:84519137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656038)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656038/; classtype:trojan-activity;sid:84519138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656030/; classtype:trojan-activity;sid:84519130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656021)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; 
isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656021/; classtype:trojan-activity;sid:84519121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656019)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656019/; classtype:trojan-activity;sid:84519119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656007)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656007/; classtype:trojan-activity;sid:84519107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655992)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.213.164.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655992/; classtype:trojan-activity;sid:84519092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655981)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655981/; classtype:trojan-activity;sid:84519081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655977)"; 
flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655977/; classtype:trojan-activity;sid:84519077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655975)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-12-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655975/; classtype:trojan-activity;sid:84519075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655973)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.43.45.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655973/; classtype:trojan-activity;sid:84519073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655969)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655969/; classtype:trojan-activity;sid:84519069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655970)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; 
reference:url, urlhaus.abuse.ch/url/3655970/; classtype:trojan-activity;sid:84519070; rev:1;)
#
# How to read the rules in this stretch (they all share one shape):
#   - `alert http $HOME_NET any -> $EXTERNAL_NET any` with `flow:established,from_client`
#     and `content:"GET"; http_method;` fires on an outbound GET request that the engine
#     parsed as HTTP. An alert shows that an internal host requested the URL; it does not
#     show that a payload was returned. Confirm with the response status/body or endpoint
#     telemetry during triage.
#   - `content:"<path>"; http_uri; depth:N; isdataat:!1,relative; nocase;` with N equal to
#     the length of <path>: the content has to start at offset 0 of the URI buffer and no
#     byte may follow it, so the URI must equal <path> exactly (case-insensitively, via
#     `nocase`). The same path with an added query string or extra segment does not match.
#   - `content:"<host>"; http_host; depth:N; isdataat:!1,relative;` uses the same
#     exact-match construction on the Host buffer.
#   - Only cleartext HTTP is covered. The same URL fetched over TLS is not seen by these
#     rules unless the traffic is decrypted before inspection.
#   - `sid` is the URLhaus URL id from `msg`/`reference` plus 80863100
#     (3655911 -> 84519011), so an alert's sid maps straight back to its URLhaus entry.
#   - Every Host value in this stretch is an IP literal. 177.70.102.228 is the host of every
#     /tmpftp/ rule, and a small set of file names (info.zip, video.scr, video.lnk,
#     photo.scr, photo.lnk, av.scr, av.lnk) recurs across many hosts. When hunting, pivot on
#     host and on file name in proxy logs too: these rules only cover the exact host + path
#     pairs that were reported.
#
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655911)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"24.93.22.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655911/; classtype:trojan-activity;sid:84519011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655908)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655908/; classtype:trojan-activity;sid:84519008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655903)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655903/; classtype:trojan-activity;sid:84519003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655896)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655896/; classtype:trojan-activity;sid:84518996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655889)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655889/; classtype:trojan-activity;sid:84518989; rev:1;)
#
# NOTE(review): several /tmpftp/ rules in this stretch, starting with the next one, carry
# percent-escapes (%20, %c3%a7%c3%a3) as literal text, and their depth values count the
# escaped form (depth:87 below is the length of the escaped path). `http_uri` is the
# normalized URI buffer; if the engine decodes these escapes before matching, the literal
# form will not match and the rule would need `http_raw_uri` or the decoded bytes instead.
# Verify with a test pcap of such a request before relying on these rules.
#
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655887/; classtype:trojan-activity;sid:84518987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655881/; classtype:trojan-activity;sid:84518981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-05-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655880/; classtype:trojan-activity;sid:84518980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655879)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"24.93.22.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655879/; classtype:trojan-activity;sid:84518979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655875)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655875/; classtype:trojan-activity;sid:84518975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-06-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655867/; classtype:trojan-activity;sid:84518967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655866)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655866/; classtype:trojan-activity;sid:84518966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655860/; classtype:trojan-activity;sid:84518960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655859)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655859/; classtype:trojan-activity;sid:84518959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655851)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655851/; classtype:trojan-activity;sid:84518951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655844)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655844/; classtype:trojan-activity;sid:84518944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-14/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655845/; classtype:trojan-activity;sid:84518945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655842)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655842/; classtype:trojan-activity;sid:84518942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655838)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655838/; classtype:trojan-activity;sid:84518938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655839)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655839/; classtype:trojan-activity;sid:84518939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655837)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655837/; classtype:trojan-activity;sid:84518937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655834)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655834/; classtype:trojan-activity;sid:84518934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655828)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.50.167.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655828/; classtype:trojan-activity;sid:84518928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655829)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655829/; classtype:trojan-activity;sid:84518929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655824/; classtype:trojan-activity;sid:84518924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655817)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.93.22.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655817/; classtype:trojan-activity;sid:84518917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655806/; classtype:trojan-activity;sid:84518906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-01-31/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655803/; classtype:trojan-activity;sid:84518903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655801/; classtype:trojan-activity;sid:84518901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655799)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-06-22/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655799/; classtype:trojan-activity;sid:84518899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655797)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-14/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655797/; classtype:trojan-activity;sid:84518897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655792)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655792/; classtype:trojan-activity;sid:84518892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655791/; classtype:trojan-activity;sid:84518891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655786)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.50.167.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655786/; classtype:trojan-activity;sid:84518886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655787)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-06-02/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655787/; classtype:trojan-activity;sid:84518887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655784)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655784/; classtype:trojan-activity;sid:84518884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655782/; classtype:trojan-activity;sid:84518882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655783)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655783/; classtype:trojan-activity;sid:84518883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655781)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655781/; classtype:trojan-activity;sid:84518881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655775/; classtype:trojan-activity;sid:84518875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655774)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655774/; classtype:trojan-activity;sid:84518874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655768/; classtype:trojan-activity;sid:84518868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655766/; classtype:trojan-activity;sid:84518866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655763)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655763/; classtype:trojan-activity;sid:84518863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655761/; classtype:trojan-activity;sid:84518861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655757)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655757/; classtype:trojan-activity;sid:84518857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655754)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655754/; classtype:trojan-activity;sid:84518854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655755)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.211.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655755/; classtype:trojan-activity;sid:84518855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655753/; classtype:trojan-activity;sid:84518853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655751)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655751/; classtype:trojan-activity;sid:84518851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655750)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655750/; classtype:trojan-activity;sid:84518850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655748)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655748/; classtype:trojan-activity;sid:84518848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655749)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"24.93.22.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655749/; classtype:trojan-activity;sid:84518849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655743)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-06-22/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655743/; classtype:trojan-activity;sid:84518843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655744)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655744/; classtype:trojan-activity;sid:84518844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655745)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655745/; classtype:trojan-activity;sid:84518845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655731)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655731/; classtype:trojan-activity;sid:84518831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655730)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655730/; classtype:trojan-activity;sid:84518830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655718)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655718/; classtype:trojan-activity;sid:84518818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655717/; classtype:trojan-activity;sid:84518817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655714)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655714/; classtype:trojan-activity;sid:84518814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655712)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-12-01/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655712/; classtype:trojan-activity;sid:84518812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655699)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655699/; classtype:trojan-activity;sid:84518799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655701)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655701/; classtype:trojan-activity;sid:84518801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655703)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.150.82.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655703/; classtype:trojan-activity;sid:84518803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655696)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.211.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655696/; classtype:trojan-activity;sid:84518796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655697)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655697/; classtype:trojan-activity;sid:84518797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655662)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655662/; classtype:trojan-activity;sid:84518762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655665)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655665/; classtype:trojan-activity;sid:84518765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655654)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655654/; classtype:trojan-activity;sid:84518754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655649)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655649/; classtype:trojan-activity;sid:84518749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655642)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655642/; classtype:trojan-activity;sid:84518742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655645)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655645/; classtype:trojan-activity;sid:84518745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655646)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-12-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655646/; classtype:trojan-activity;sid:84518746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655631)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655631/; classtype:trojan-activity;sid:84518731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655596)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655596/; classtype:trojan-activity;sid:84518696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655593)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655593/; classtype:trojan-activity;sid:84518693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655594)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655594/; classtype:trojan-activity;sid:84518694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655590)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655590/; classtype:trojan-activity;sid:84518690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-11-29/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655586/; classtype:trojan-activity;sid:84518686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655572)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655572/; classtype:trojan-activity;sid:84518672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655562)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655562/; classtype:trojan-activity;sid:84518662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655560)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655560/; classtype:trojan-activity;sid:84518660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655556)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655556/; classtype:trojan-activity;sid:84518656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655557)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655557/; classtype:trojan-activity;sid:84518657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655559)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655559/; classtype:trojan-activity;sid:84518659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655553)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655553/; classtype:trojan-activity;sid:84518653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655535)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655535/; classtype:trojan-activity;sid:84518635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655510)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-10-22/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655510/; classtype:trojan-activity;sid:84518610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655507)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655507/; classtype:trojan-activity;sid:84518607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-08-05/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655503/; classtype:trojan-activity;sid:84518603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655501)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655501/; classtype:trojan-activity;sid:84518601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655495)"; flow:established,from_client; content:"GET"; http_method;
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655495/; classtype:trojan-activity;sid:84518595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655493)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655493/; classtype:trojan-activity;sid:84518593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655490)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655490/; classtype:trojan-activity;sid:84518590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655479)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655479/; classtype:trojan-activity;sid:84518579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655476)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655476/; classtype:trojan-activity;sid:84518576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655474)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655474/; classtype:trojan-activity;sid:84518574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-09-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655471/; classtype:trojan-activity;sid:84518571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655468)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"172.251.160.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655468/; classtype:trojan-activity;sid:84518568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655469)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655469/; classtype:trojan-activity;sid:84518569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3655466)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655466/; classtype:trojan-activity;sid:84518566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655462)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655462/; classtype:trojan-activity;sid:84518562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655461)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655461/; classtype:trojan-activity;sid:84518561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655458)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655458/; classtype:trojan-activity;sid:84518558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655453)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.150.82.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3655453/; classtype:trojan-activity;sid:84518553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655447)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655447/; classtype:trojan-activity;sid:84518547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655440)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655440/; classtype:trojan-activity;sid:84518540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655442)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-24/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655442/; classtype:trojan-activity;sid:84518542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655430)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655430/; classtype:trojan-activity;sid:84518530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655436)"; flow:established,from_client; content:"GET"; http_method; 
content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655436/; classtype:trojan-activity;sid:84518536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655421)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655421/; classtype:trojan-activity;sid:84518521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655420)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655420/; classtype:trojan-activity;sid:84518520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655413)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-07/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655413/; classtype:trojan-activity;sid:84518513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655411/; classtype:trojan-activity;sid:84518511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655408)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655408/; classtype:trojan-activity;sid:84518508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655403)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655403/; classtype:trojan-activity;sid:84518503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655398)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655398/; classtype:trojan-activity;sid:84518498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655387/; classtype:trojan-activity;sid:84518487; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655383)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655383/; classtype:trojan-activity;sid:84518483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655379)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655379/; classtype:trojan-activity;sid:84518479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655378)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655378/; classtype:trojan-activity;sid:84518478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655373)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655373/; classtype:trojan-activity;sid:84518473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655368)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655368/; classtype:trojan-activity;sid:84518468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655365)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655365/; classtype:trojan-activity;sid:84518465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655362)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655362/; classtype:trojan-activity;sid:84518462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655361)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655361/; classtype:trojan-activity;sid:84518461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655353/; classtype:trojan-activity;sid:84518453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655348)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655348/; classtype:trojan-activity;sid:84518448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655345)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-02-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655345/; classtype:trojan-activity;sid:84518445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655343)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655343/; classtype:trojan-activity;sid:84518443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655339)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655339/; classtype:trojan-activity;sid:84518439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3655335)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655335/; classtype:trojan-activity;sid:84518435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655331/; classtype:trojan-activity;sid:84518431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655329)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655329/; classtype:trojan-activity;sid:84518429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655322)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655322/; classtype:trojan-activity;sid:84518422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655323)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.203.254.14"; 
http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655323/; classtype:trojan-activity;sid:84518423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655321)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655321/; classtype:trojan-activity;sid:84518421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655315)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655315/; classtype:trojan-activity;sid:84518415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655313)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655313/; classtype:trojan-activity;sid:84518413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655314)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-03-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655314/; classtype:trojan-activity;sid:84518414; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655311)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655311/; classtype:trojan-activity;sid:84518411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655309)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655309/; classtype:trojan-activity;sid:84518409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655306)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655306/; classtype:trojan-activity;sid:84518406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655302)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.64.40.207"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655302/; classtype:trojan-activity;sid:84518402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655295)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; 
isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655295/; classtype:trojan-activity;sid:84518395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655294)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.64.155.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655294/; classtype:trojan-activity;sid:84518394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655293/; classtype:trojan-activity;sid:84518393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655291)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655291/; classtype:trojan-activity;sid:84518391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655286)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655286/; classtype:trojan-activity;sid:84518386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655280)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655280/; classtype:trojan-activity;sid:84518380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655279)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655279/; classtype:trojan-activity;sid:84518379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655274)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-02-28/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655274/; classtype:trojan-activity;sid:84518374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655275)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.64.40.207"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655275/; classtype:trojan-activity;sid:84518375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3655276)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655276/; classtype:trojan-activity;sid:84518376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655272)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655272/; classtype:trojan-activity;sid:84518372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655267)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655267/; classtype:trojan-activity;sid:84518367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655262)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.179.225.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655262/; classtype:trojan-activity;sid:84518362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655259)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3655259/; classtype:trojan-activity;sid:84518359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655257)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655257/; classtype:trojan-activity;sid:84518357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655253)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655253/; classtype:trojan-activity;sid:84518353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655244)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655244/; classtype:trojan-activity;sid:84518344; rev:1;)
# NOTE(review): the URI content of the next rule (sid 84518345) carries percent-escapes
# (%20, %c3%a7) but is matched with http_uri, which Snort and Suricata document as the
# normalized, percent-decoded URI buffer. depth:55 is the length of the escaped string, so the
# rule presumably misses a request whose escapes are decoded before matching -- confirm by
# replaying a capture of this URL. If it does not fire, match the raw buffer (http_raw_uri) or
# write the decoded bytes (|20|, |C3 A7|) with depth reduced to the decoded length. Other
# /tmpftp/ rules in this ruleset whose content contains %-escapes follow the same pattern.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655245)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/sp/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655245/; classtype:trojan-activity;sid:84518345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655230)"; 
flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655230/; classtype:trojan-activity;sid:84518330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655228)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655228/; classtype:trojan-activity;sid:84518328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655222)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655222/; classtype:trojan-activity;sid:84518322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655220)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655220/; classtype:trojan-activity;sid:84518320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655213/; classtype:trojan-activity;sid:84518313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655207)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655207/; classtype:trojan-activity;sid:84518307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655203)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655203/; classtype:trojan-activity;sid:84518303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655200)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655200/; classtype:trojan-activity;sid:84518300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655198)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.213.164.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655198/; classtype:trojan-activity;sid:84518298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3655197)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.179.225.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655197/; classtype:trojan-activity;sid:84518297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655187/; classtype:trojan-activity;sid:84518287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655179/; classtype:trojan-activity;sid:84518279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655169)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655169/; classtype:trojan-activity;sid:84518269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655170)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655170/; classtype:trojan-activity;sid:84518270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655164)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.50.167.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655164/; classtype:trojan-activity;sid:84518264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655160)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655160/; classtype:trojan-activity;sid:84518260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655143)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655143/; classtype:trojan-activity;sid:84518243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655144)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"181.36.153.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3655144/; classtype:trojan-activity;sid:84518244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655126)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655126/; classtype:trojan-activity;sid:84518226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655116)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655116/; classtype:trojan-activity;sid:84518216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655115)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655115/; classtype:trojan-activity;sid:84518215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655109)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655109/; classtype:trojan-activity;sid:84518209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655099)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655099/; classtype:trojan-activity;sid:84518199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655093)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655093/; classtype:trojan-activity;sid:84518193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655094)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"88.28.218.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655094/; classtype:trojan-activity;sid:84518194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655089)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655089/; classtype:trojan-activity;sid:84518189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655090)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3655090/; classtype:trojan-activity;sid:84518190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-03-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655088/; classtype:trojan-activity;sid:84518188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2025-01-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655085/; classtype:trojan-activity;sid:84518185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655084)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655084/; classtype:trojan-activity;sid:84518184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655081)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655081/; classtype:trojan-activity;sid:84518181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655077)"; 
flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655077/; classtype:trojan-activity;sid:84518177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655073)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655073/; classtype:trojan-activity;sid:84518173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655072)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655072/; classtype:trojan-activity;sid:84518172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655070)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655070/; classtype:trojan-activity;sid:84518170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655065/; classtype:trojan-activity;sid:84518165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655064)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655064/; classtype:trojan-activity;sid:84518164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655061/; classtype:trojan-activity;sid:84518161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655057)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655057/; classtype:trojan-activity;sid:84518157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655054)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655054/; classtype:trojan-activity;sid:84518154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3655052)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655052/; classtype:trojan-activity;sid:84518152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655049)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655049/; classtype:trojan-activity;sid:84518149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655046)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655046/; classtype:trojan-activity;sid:84518146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655045)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.64.40.207"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655045/; classtype:trojan-activity;sid:84518145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655037)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 
2025_10_04; reference:url, urlhaus.abuse.ch/url/3655037/; classtype:trojan-activity;sid:84518137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655038)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655038/; classtype:trojan-activity;sid:84518138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655034/; classtype:trojan-activity;sid:84518134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655028/; classtype:trojan-activity;sid:84518128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655025)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655025/; classtype:trojan-activity;sid:84518125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3655021)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655021/; classtype:trojan-activity;sid:84518121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655016)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655016/; classtype:trojan-activity;sid:84518116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655010)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655010/; classtype:trojan-activity;sid:84518110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655008)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655008/; classtype:trojan-activity;sid:84518108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655005)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 
2025_10_04; reference:url, urlhaus.abuse.ch/url/3655005/; classtype:trojan-activity;sid:84518105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655004)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655004/; classtype:trojan-activity;sid:84518104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655001)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655001/; classtype:trojan-activity;sid:84518101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654999)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654999/; classtype:trojan-activity;sid:84518099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654994)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654994/; classtype:trojan-activity;sid:84518094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654992)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/consulta/2024-01-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654992/; classtype:trojan-activity;sid:84518092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654991)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654991/; classtype:trojan-activity;sid:84518091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654985/; classtype:trojan-activity;sid:84518085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654982)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.213.164.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654982/; classtype:trojan-activity;sid:84518082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; 
reference:url, urlhaus.abuse.ch/url/3654973/; classtype:trojan-activity;sid:84518073; rev:1;)
# URLhaus feed rules, laid out one rule per line. The line above and the last
# line of this span are pieces of rules that continue outside it, kept as found.
# Each rule alerts on an HTTP GET from $HOME_NET to $EXTERNAL_NET whose URI and
# Host each equal one listed value: depth is set to the pattern length and
# isdataat:!1,relative requires that no byte follows the match, so a request
# whose URI buffer holds anything beyond the pattern does not match.
# nocase sits among the URI content's modifiers; the Host content carries none.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654971)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654971/; classtype:trojan-activity;sid:84518071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654970)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654970/; classtype:trojan-activity;sid:84518070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654967)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654967/; classtype:trojan-activity;sid:84518067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654966/; classtype:trojan-activity;sid:84518066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654962)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654962/; classtype:trojan-activity;sid:84518062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654957)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654957/; classtype:trojan-activity;sid:84518057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654953)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654953/; classtype:trojan-activity;sid:84518053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654946)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654946/; classtype:trojan-activity;sid:84518046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654942)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654942/; classtype:trojan-activity;sid:84518042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654938)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"24.93.22.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654938/; classtype:trojan-activity;sid:84518038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-07-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654940/; classtype:trojan-activity;sid:84518040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654936)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654936/; classtype:trojan-activity;sid:84518036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654935)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.148.10.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654935/; classtype:trojan-activity;sid:84518035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654928)"; flow:established,from_client; content:"GET"; http_method;
content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654928/; classtype:trojan-activity;sid:84518028; rev:1;)
# Rules below are laid out one per line; the line above and the last line of
# this span belong to rules that continue outside it.
# NOTE(review): several URI patterns here contain percent-escapes (%20, %c3%a7,
# %c3%a3) and are tested with http_uri. If the engine percent-decodes that
# buffer before matching, the escaped text would not be present and these rules
# would stay silent; http_raw_uri may be the buffer to test against. Confirm on
# the deployed engine before relying on these entries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-10-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654927/; classtype:trojan-activity;sid:84518027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654922)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654922/; classtype:trojan-activity;sid:84518022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654923)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654923/; classtype:trojan-activity;sid:84518023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654921/; classtype:trojan-activity;sid:84518021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654917)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654917/; classtype:trojan-activity;sid:84518017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654902)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654902/; classtype:trojan-activity;sid:84518002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654904)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654904/; classtype:trojan-activity;sid:84518004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654898)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654898/; classtype:trojan-activity;sid:84517998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654893)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.239.7.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654893/; classtype:trojan-activity;sid:84517993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654894/; classtype:trojan-activity;sid:84517994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654892)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654892/; classtype:trojan-activity;sid:84517992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654884)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.179.225.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654884/; classtype:trojan-activity;sid:84517984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654880)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url,
urlhaus.abuse.ch/url/3654880/; classtype:trojan-activity;sid:84517980; rev:1;)
# Rules below are laid out one per line; the line above and the last line of
# this span belong to rules that continue outside it.
# In every rule shown here the sid is the URLhaus entry id (the number in msg
# and in the reference URL) plus 80863100, e.g. entry 3654874 -> sid 84517974,
# so an alert can be traced to its urlhaus.abuse.ch/url/<id>/ page from the sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654874)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654874/; classtype:trojan-activity;sid:84517974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654876)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654876/; classtype:trojan-activity;sid:84517976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654868)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"71.239.7.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654868/; classtype:trojan-activity;sid:84517968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654859)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654859/; classtype:trojan-activity;sid:84517959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654857)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654857/; classtype:trojan-activity;sid:84517957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654853)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654853/; classtype:trojan-activity;sid:84517953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654850)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654850/; classtype:trojan-activity;sid:84517950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654848)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654848/; classtype:trojan-activity;sid:84517948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654842)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"24.251.252.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654842/; classtype:trojan-activity;sid:84517942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654829)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654829/; classtype:trojan-activity;sid:84517929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654826)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654826/; classtype:trojan-activity;sid:84517926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654811)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654811/; classtype:trojan-activity;sid:84517911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654808)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.179.225.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654808/; classtype:trojan-activity;sid:84517908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654806)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10;
isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654806/; classtype:trojan-activity;sid:84517906; rev:1;)
# Rules below are laid out one per line; the line above and the last line of
# this span belong to rules that continue outside it.
# Scope of these rules: protocol http, flow established,from_client, method GET,
# $HOME_NET -> $EXTERNAL_NET. Other methods, the reverse direction and traffic
# the sensor does not parse as HTTP (presumably including TLS-wrapped requests
# when no decryption is in place) are outside what they test.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654804)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654804/; classtype:trojan-activity;sid:84517904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654803)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654803/; classtype:trojan-activity;sid:84517903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654799)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654799/; classtype:trojan-activity;sid:84517899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654796)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654796/; classtype:trojan-activity;sid:84517896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654797)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.239.7.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654797/; classtype:trojan-activity;sid:84517897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654793)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654793/; classtype:trojan-activity;sid:84517893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654788)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654788/; classtype:trojan-activity;sid:84517888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654781/; classtype:trojan-activity;sid:84517881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654769)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654769/; classtype:trojan-activity;sid:84517869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654762/; classtype:trojan-activity;sid:84517862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654758)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654758/; classtype:trojan-activity;sid:84517858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654748)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654748/; classtype:trojan-activity;sid:84517848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654747)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654747/;
classtype:trojan-activity;sid:84517847; rev:1;)
# Rules below are laid out one per line; the line above and the last line of
# this span belong to rules that continue outside it.
# Triage note: the complete /tmpftp/.../info.zip rules below differ in path
# only; all but one name host 177.70.102.228, and entry 3654729 names
# 177.70.102.232. Each rule pins one exact path, so another path on either
# host is not covered by these entries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654746)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654746/; classtype:trojan-activity;sid:84517846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654740)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654740/; classtype:trojan-activity;sid:84517840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654732)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654732/; classtype:trojan-activity;sid:84517832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-02-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654729/; classtype:trojan-activity;sid:84517829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654727)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654727/; classtype:trojan-activity;sid:84517827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-09-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654726/; classtype:trojan-activity;sid:84517826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654721)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654721/; classtype:trojan-activity;sid:84517821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654719)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654719/; classtype:trojan-activity;sid:84517819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654714/; classtype:trojan-activity;sid:84517814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654709)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654709/; classtype:trojan-activity;sid:84517809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654710)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654710/; classtype:trojan-activity;sid:84517810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654708)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654708/; classtype:trojan-activity;sid:84517808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654694)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654694/; classtype:trojan-activity;sid:84517794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3654695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654695/; classtype:trojan-activity;sid:84517795; rev:1;)
# Rules below are laid out one per line; the line above and the last line of
# this span belong to rules that continue outside it.
# Every rule here carries rev:1 and metadata created_at 2025_10_04. The dates
# inside the /tmpftp/ paths (2019-12-11 through 2025-05-10 in this span) are
# part of the matched URL text; presumably created_at is when the feed entry
# was generated, so the path dates say nothing about the age of the rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654687)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654687/; classtype:trojan-activity;sid:84517787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654682/; classtype:trojan-activity;sid:84517782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654677)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654677/; classtype:trojan-activity;sid:84517777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654678/; classtype:trojan-activity;sid:84517778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654673)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654673/; classtype:trojan-activity;sid:84517773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654674/; classtype:trojan-activity;sid:84517774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654672/; classtype:trojan-activity;sid:84517772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654668)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654668/; classtype:trojan-activity;sid:84517768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654665/; classtype:trojan-activity;sid:84517765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654661)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654661/; classtype:trojan-activity;sid:84517761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654659)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654659/; classtype:trojan-activity;sid:84517759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654657)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2025_10_04; reference:url, urlhaus.abuse.ch/url/3654657/; classtype:trojan-activity;sid:84517757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654655)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654655/; classtype:trojan-activity;sid:84517755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654654)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654654/; classtype:trojan-activity;sid:84517754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654651)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654651/; classtype:trojan-activity;sid:84517751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654647)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654647/; classtype:trojan-activity;sid:84517747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654643)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-11-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654643/; classtype:trojan-activity;sid:84517743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654641)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654641/; classtype:trojan-activity;sid:84517741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654634)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654634/; classtype:trojan-activity;sid:84517734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654630)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-02-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654630/; classtype:trojan-activity;sid:84517730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654625)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; 
reference:url, urlhaus.abuse.ch/url/3654625/; classtype:trojan-activity;sid:84517725; rev:1;)
# ^ Tail of a rule whose head is on the previous source line.
#
# Every rule in this section follows one URLhaus-generated template:
#   - alert on HTTP from $HOME_NET to $EXTERNAL_NET, established flow, client side, method GET
#   - content + http_uri + depth:<string length> + isdataat:!1,relative (nocase): the URI
#     buffer must begin with the quoted string and have no byte after it
#   - content + http_host + depth:<string length> + isdataat:!1,relative: the same
#     whole-buffer match on the host
#   - the number in msg and in reference:url is the URLhaus entry id
# The match is exact on URI and host, so each rule covers only the listed URL over
# cleartext HTTP; keep host/IP-level telemetry for the same indicators alongside it.
# NOTE(review): rules marked "escaped URI" keep percent-escapes (%20, %c3%a7, %c3%a3) in
# the http_uri content, and their depth is the length of the escaped text. http_uri is the
# normalized URI buffer; if the sensor decodes escapes before matching, these rules will
# not fire on the listed URL. Confirm on the sensor, or match with http_raw_uri instead.
# Rules are laid out one per line here; the source had them wrapped mid-rule.
# NOTE(review): escaped URI (see NOTE above) - confirm this matches on the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654622/; classtype:trojan-activity;sid:84517722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654620)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.56.227.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654620/; classtype:trojan-activity;sid:84517720; rev:1;)
# NOTE(review): escaped URI (see NOTE above) - confirm this matches on the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654610)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654610/; classtype:trojan-activity;sid:84517710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654608)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654608/; classtype:trojan-activity;sid:84517708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654600)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654600/; classtype:trojan-activity;sid:84517700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654599)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.50.167.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654599/; classtype:trojan-activity;sid:84517699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654588)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.239.7.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654588/; classtype:trojan-activity;sid:84517688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654589)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654589/; classtype:trojan-activity;sid:84517689; rev:1;)
# NOTE(review): escaped URI (see NOTE above) - confirm this matches on the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654585/; classtype:trojan-activity;sid:84517685; rev:1;)
# NOTE(review): escaped URI (see NOTE above) - confirm this matches on the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654575/; classtype:trojan-activity;sid:84517675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654555)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654555/; classtype:trojan-activity;sid:84517655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654551)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.179.225.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654551/; classtype:trojan-activity;sid:84517651; rev:1;)
# Head of a rule that continues on the next source line (escaped URI, see NOTE above):
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-27/info.zip"; http_uri; 
depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654546/; classtype:trojan-activity;sid:84517646; rev:1;)
# ^ Tail of a rule whose head is on the previous source line.
#
# Every rule in this section follows one URLhaus-generated template:
#   - alert on HTTP from $HOME_NET to $EXTERNAL_NET, established flow, client side, method GET
#   - content + http_uri + depth:<string length> + isdataat:!1,relative (nocase): the URI
#     buffer must begin with the quoted string and have no byte after it
#   - content + http_host + depth:<string length> + isdataat:!1,relative: the same
#     whole-buffer match on the host
#   - the number in msg and in reference:url is the URLhaus entry id
# The match is exact on URI and host, so each rule covers only the listed URL over
# cleartext HTTP; keep host/IP-level telemetry for the same indicators alongside it.
# NOTE(review): rules marked "escaped URI" keep percent-escapes (%20, %c3%a7, %c3%a3) in
# the http_uri content, and their depth is the length of the escaped text. http_uri is the
# normalized URI buffer; if the sensor decodes escapes before matching, these rules will
# not fire on the listed URL. Confirm on the sensor, or match with http_raw_uri instead.
# Rules are laid out one per line here; the source had them wrapped mid-rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654541)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654541/; classtype:trojan-activity;sid:84517641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654542)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654542/; classtype:trojan-activity;sid:84517642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654537)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654537/; classtype:trojan-activity;sid:84517637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654533)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654533/; classtype:trojan-activity;sid:84517633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654531)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654531/; classtype:trojan-activity;sid:84517631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654527)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.211.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654527/; classtype:trojan-activity;sid:84517627; rev:1;)
# NOTE(review): escaped URI (see NOTE above) - confirm this matches on the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654526/; classtype:trojan-activity;sid:84517626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654522)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-11-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654522/; classtype:trojan-activity;sid:84517622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654513)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654513/; classtype:trojan-activity;sid:84517613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654514)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-15/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654514/; classtype:trojan-activity;sid:84517614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654509)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-07-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654509/; classtype:trojan-activity;sid:84517609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654508)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654508/; classtype:trojan-activity;sid:84517608; rev:1;)
# Head of a rule that continues on the next source line (escaped URI, see NOTE above):
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654507)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654507/; classtype:trojan-activity;sid:84517607; rev:1;)
# ^ Tail of a rule whose head is on the previous source line.
#
# Every rule in this section follows one URLhaus-generated template:
#   - alert on HTTP from $HOME_NET to $EXTERNAL_NET, established flow, client side, method GET
#   - content + http_uri + depth:<string length> + isdataat:!1,relative (nocase): the URI
#     buffer must begin with the quoted string and have no byte after it
#   - content + http_host + depth:<string length> + isdataat:!1,relative: the same
#     whole-buffer match on the host
#   - the number in msg and in reference:url is the URLhaus entry id
# The match is exact on URI and host, so each rule covers only the listed URL over
# cleartext HTTP; keep host/IP-level telemetry for the same indicators alongside it.
# NOTE(review): the one /tmpftp/ rule below has no percent-escapes; sibling entries in this
# ruleset that do carry escapes (%20, %c3%a7, %c3%a3) in http_uri content should be checked
# against the sensor's URI normalization, since http_uri is the normalized buffer.
# Rules are laid out one per line here; the source had them wrapped mid-rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654504)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654504/; classtype:trojan-activity;sid:84517604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654499)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654499/; classtype:trojan-activity;sid:84517599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654501)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654501/; classtype:trojan-activity;sid:84517601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654498)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654498/; classtype:trojan-activity;sid:84517598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654495)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654495/; classtype:trojan-activity;sid:84517595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654491/; classtype:trojan-activity;sid:84517591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654484)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654484/; classtype:trojan-activity;sid:84517584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654478)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654478/; classtype:trojan-activity;sid:84517578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654477)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654477/; classtype:trojan-activity;sid:84517577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654476)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.64.155.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654476/; classtype:trojan-activity;sid:84517576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654474)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654474/; classtype:trojan-activity;sid:84517574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654451)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654451/; classtype:trojan-activity;sid:84517551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654450)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.239.7.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654450/; classtype:trojan-activity;sid:84517550; rev:1;)
# Head of a rule that continues on the next source line:
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654447)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; 
nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654447/; classtype:trojan-activity;sid:84517547; rev:1;)
# ^ Tail of a rule whose head is on the previous source line.
#
# Every rule in this section follows one URLhaus-generated template:
#   - alert on HTTP from $HOME_NET to $EXTERNAL_NET, established flow, client side, method GET
#   - content + http_uri + depth:<string length> + isdataat:!1,relative (nocase): the URI
#     buffer must begin with the quoted string and have no byte after it
#   - content + http_host + depth:<string length> + isdataat:!1,relative: the same
#     whole-buffer match on the host
#   - the number in msg and in reference:url is the URLhaus entry id
# The match is exact on URI and host, so each rule covers only the listed URL over
# cleartext HTTP; keep host/IP-level telemetry for the same indicators alongside it.
# NOTE(review): rules marked "escaped URI" keep percent-escapes (%20, %c3%a7, %c3%a3) in
# the http_uri content, and their depth is the length of the escaped text. http_uri is the
# normalized URI buffer; if the sensor decodes escapes before matching, these rules will
# not fire on the listed URL. Confirm on the sensor, or match with http_raw_uri instead.
# Rules are laid out one per line here; the source had them wrapped mid-rule.
# NOTE(review): escaped URI (see NOTE above) - confirm this matches on the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654428)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654428/; classtype:trojan-activity;sid:84517528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654392)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654392/; classtype:trojan-activity;sid:84517492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654390)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654390/; classtype:trojan-activity;sid:84517490; rev:1;)
# NOTE(review): escaped URI (see NOTE above) - confirm this matches on the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654391)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654391/; classtype:trojan-activity;sid:84517491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654385)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654385/; classtype:trojan-activity;sid:84517485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654380)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"75.42.36.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654380/; classtype:trojan-activity;sid:84517480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654378)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654378/; classtype:trojan-activity;sid:84517478; rev:1;)
# NOTE(review): escaped URI (see NOTE above) - confirm this matches on the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654372)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-06-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654372/; classtype:trojan-activity;sid:84517472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654364)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654364/; classtype:trojan-activity;sid:84517464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654356)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654356/; classtype:trojan-activity;sid:84517456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654347)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654347/; classtype:trojan-activity;sid:84517447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654342)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654342/; classtype:trojan-activity;sid:84517442; rev:1;)
# Head of a rule that continues on the next source line:
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654339)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3654339/; classtype:trojan-activity;sid:84517439; rev:1;)
# ^ Tail of a rule whose head is on the previous source line.
#
# Every rule in this section follows one URLhaus-generated template:
#   - alert on HTTP from $HOME_NET to $EXTERNAL_NET, established flow, client side, method GET
#   - content + http_uri + depth:<string length> + isdataat:!1,relative (nocase): the URI
#     buffer must begin with the quoted string and have no byte after it
#   - content + http_host + depth:<string length> + isdataat:!1,relative: the same
#     whole-buffer match on the host
#   - the number in msg and in reference:url is the URLhaus entry id
# The match is exact on URI and host, so each rule covers only the listed URL over
# cleartext HTTP; keep host/IP-level telemetry for the same indicators alongside it.
# NOTE(review): rules marked "escaped URI" keep percent-escapes (%20, %c3%a7, %c3%a3) in
# the http_uri content, and their depth is the length of the escaped text. http_uri is the
# normalized URI buffer; if the sensor decodes escapes before matching, these rules will
# not fire on the listed URL. Confirm on the sensor, or match with http_raw_uri instead.
# Rules are laid out one per line here; the source had them wrapped mid-rule.
# NOTE(review): escaped URI (see NOTE above) - confirm this matches on the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654336)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654336/; classtype:trojan-activity;sid:84517436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654337)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654337/; classtype:trojan-activity;sid:84517437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654334)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654334/; classtype:trojan-activity;sid:84517434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654333)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654333/; classtype:trojan-activity;sid:84517433; rev:1;)
# NOTE(review): escaped URI (see NOTE above) - confirm this matches on the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654331/; classtype:trojan-activity;sid:84517431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654326)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654326/; classtype:trojan-activity;sid:84517426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654321)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654321/; classtype:trojan-activity;sid:84517421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654320)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654320/; classtype:trojan-activity;sid:84517420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654318)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.213.164.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654318/; classtype:trojan-activity;sid:84517418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654312)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654312/; classtype:trojan-activity;sid:84517412; rev:1;)
# NOTE(review): escaped URI (see NOTE above) - confirm this matches on the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654308)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654308/; classtype:trojan-activity;sid:84517408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654299)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654299/; classtype:trojan-activity;sid:84517399; rev:1;)
# Head of a rule that continues on the next source line (escaped URI, see NOTE above):
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654292)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654292/; 
classtype:trojan-activity;sid:84517392; rev:1;)
# ^ Tail of a rule whose head is on the previous source line.
#
# Every rule in this section follows one URLhaus-generated template:
#   - alert on HTTP from $HOME_NET to $EXTERNAL_NET, established flow, client side, method GET
#   - content + http_uri + depth:<string length> + isdataat:!1,relative (nocase): the URI
#     buffer must begin with the quoted string and have no byte after it
#   - content + http_host + depth:<string length> + isdataat:!1,relative: the same
#     whole-buffer match on the host
#   - the number in msg and in reference:url is the URLhaus entry id
# The match is exact on URI and host, so each rule covers only the listed URL over
# cleartext HTTP; keep host/IP-level telemetry for the same indicators alongside it.
# NOTE(review): rules marked "escaped URI" keep percent-escapes (%20, %c3%a7, %c3%a3) in
# the http_uri content, and their depth is the length of the escaped text. http_uri is the
# normalized URI buffer; if the sensor decodes escapes before matching, these rules will
# not fire on the listed URL. Confirm on the sensor, or match with http_raw_uri instead.
# Rules are laid out one per line here; the source had them wrapped mid-rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654288)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654288/; classtype:trojan-activity;sid:84517388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654289)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654289/; classtype:trojan-activity;sid:84517389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654285)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654285/; classtype:trojan-activity;sid:84517385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654284)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654284/; classtype:trojan-activity;sid:84517384; rev:1;)
# NOTE(review): escaped URI (see NOTE above) - confirm this matches on the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654283)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654283/; classtype:trojan-activity;sid:84517383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654280)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654280/; classtype:trojan-activity;sid:84517380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654276)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654276/; classtype:trojan-activity;sid:84517376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654273)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654273/; classtype:trojan-activity;sid:84517373; rev:1;)
# NOTE(review): escaped URI (see NOTE above) - confirm this matches on the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654270/; classtype:trojan-activity;sid:84517370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654268)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654268/; classtype:trojan-activity;sid:84517368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654266)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654266/; classtype:trojan-activity;sid:84517366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654259)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654259/; classtype:trojan-activity;sid:84517359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654258)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654258/; classtype:trojan-activity;sid:84517358; rev:1;)
# Head of a rule that continues on the next source line:
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3654253)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654253/; classtype:trojan-activity;sid:84517353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654247)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654247/; classtype:trojan-activity;sid:84517347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654243)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654243/; classtype:trojan-activity;sid:84517343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654239/; classtype:trojan-activity;sid:84517339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654234)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; 
content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654234/; classtype:trojan-activity;sid:84517334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654233)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654233/; classtype:trojan-activity;sid:84517333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654216)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-04-07/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654216/; classtype:trojan-activity;sid:84517316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654213)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654213/; classtype:trojan-activity;sid:84517313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654208)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3654208/; classtype:trojan-activity;sid:84517308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654209)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654209/; classtype:trojan-activity;sid:84517309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654205)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654205/; classtype:trojan-activity;sid:84517305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654203)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654203/; classtype:trojan-activity;sid:84517303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654204)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654204/; classtype:trojan-activity;sid:84517304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654201)"; 
flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.50.167.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654201/; classtype:trojan-activity;sid:84517301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654202)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654202/; classtype:trojan-activity;sid:84517302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654197)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654197/; classtype:trojan-activity;sid:84517297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654195)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654195/; classtype:trojan-activity;sid:84517295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654192)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654192/; 
classtype:trojan-activity;sid:84517292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654193)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654193/; classtype:trojan-activity;sid:84517293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-10-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654187/; classtype:trojan-activity;sid:84517287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654185)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.179.225.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654185/; classtype:trojan-activity;sid:84517285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654181)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.50.167.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654181/; classtype:trojan-activity;sid:84517281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654173)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; 
depth:7; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654173/; classtype:trojan-activity;sid:84517273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654177)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654177/; classtype:trojan-activity;sid:84517277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-06-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654163/; classtype:trojan-activity;sid:84517263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654161)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654161/; classtype:trojan-activity;sid:84517261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654149)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654149/; classtype:trojan-activity;sid:84517249; rev:1;) 
# Template note for the URLhaus rules that follow: each one alerts on a
# client-to-server HTTP GET from $HOME_NET to $EXTERNAL_NET. For both the URI
# and the Host match, depth equals the length of the content string and
# isdataat:!1,relative requires that nothing follows it, so each buffer has to
# equal the listed value exactly; nocase is attached to the URI content.
# Coverage limits to keep in mind when triaging or relying on these sids:
#  - only HTTP the sensor can parse is inspected; the same download over TLS
#    is not seen unless traffic is decrypted upstream of the sensor.
#  - because of the exact-match anchoring, the same path with a query string
#    or any other suffix is expected not to alert.
#  - NOTE(review): several paths carry percent-encoded bytes (%c3%a7, %20)
#    inside an http_uri content. http_uri is the normalized URI buffer, so
#    these patterns may never match a decoded request; confirm against a test
#    capture, and compare with http_raw_uri before trusting these sids.
#  - indicators are dated by metadata:created_at; check the referenced
#    urlhaus.abuse.ch entry for current status when judging an old rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654125/; classtype:trojan-activity;sid:84517225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654122)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654122/; classtype:trojan-activity;sid:84517222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654123)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654123/; classtype:trojan-activity;sid:84517223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654119/; classtype:trojan-activity;sid:84517219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654117)"; 
flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654117/; classtype:trojan-activity;sid:84517217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654113)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654113/; classtype:trojan-activity;sid:84517213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654108)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654108/; classtype:trojan-activity;sid:84517208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654098)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654098/; classtype:trojan-activity;sid:84517198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654088/; classtype:trojan-activity;sid:84517188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654078)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654078/; classtype:trojan-activity;sid:84517178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654077)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654077/; classtype:trojan-activity;sid:84517177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654076)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654076/; classtype:trojan-activity;sid:84517176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654074)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654074/; classtype:trojan-activity;sid:84517174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654072)"; flow:established,from_client; 
content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.211.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654072/; classtype:trojan-activity;sid:84517172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654071)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.64.155.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654071/; classtype:trojan-activity;sid:84517171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654065)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654065/; classtype:trojan-activity;sid:84517165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654059)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.239.7.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654059/; classtype:trojan-activity;sid:84517159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654055)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"74.64.155.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654055/; 
classtype:trojan-activity;sid:84517155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654054)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654054/; classtype:trojan-activity;sid:84517154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654044)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654044/; classtype:trojan-activity;sid:84517144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654038)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654038/; classtype:trojan-activity;sid:84517138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654034/; classtype:trojan-activity;sid:84517134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654032)"; flow:established,from_client; content:"GET"; 
http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654032/; classtype:trojan-activity;sid:84517132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654026)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.213.164.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654026/; classtype:trojan-activity;sid:84517126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654025/; classtype:trojan-activity;sid:84517125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654024)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654024/; classtype:trojan-activity;sid:84517124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654023/; classtype:trojan-activity;sid:84517123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654022)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654022/; classtype:trojan-activity;sid:84517122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654019)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654019/; classtype:trojan-activity;sid:84517119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654018)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654018/; classtype:trojan-activity;sid:84517118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654017/; classtype:trojan-activity;sid:84517117; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654009)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654009/; classtype:trojan-activity;sid:84517109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-08-17/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654005/; classtype:trojan-activity;sid:84517105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654000)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654000/; classtype:trojan-activity;sid:84517100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653997)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653997/; classtype:trojan-activity;sid:84517097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653995)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.64.155.4"; 
http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653995/; classtype:trojan-activity;sid:84517095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653992/; classtype:trojan-activity;sid:84517092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653985)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653985/; classtype:trojan-activity;sid:84517085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653977)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653977/; classtype:trojan-activity;sid:84517077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653973)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.64.155.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653973/; classtype:trojan-activity;sid:84517073; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653972/; classtype:trojan-activity;sid:84517072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653964)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653964/; classtype:trojan-activity;sid:84517064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653960)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653960/; classtype:trojan-activity;sid:84517060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653947)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653947/; classtype:trojan-activity;sid:84517047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653941)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; 
isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653941/; classtype:trojan-activity;sid:84517041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653943/; classtype:trojan-activity;sid:84517043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653939)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653939/; classtype:trojan-activity;sid:84517039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653930)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653930/; classtype:trojan-activity;sid:84517030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653917)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653917/; 
classtype:trojan-activity;sid:84517017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653918)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653918/; classtype:trojan-activity;sid:84517018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653916)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653916/; classtype:trojan-activity;sid:84517016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653914/; classtype:trojan-activity;sid:84517014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653912)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653912/; classtype:trojan-activity;sid:84517012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653910)"; flow:established,from_client; 
content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653910/; classtype:trojan-activity;sid:84517010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653900)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653900/; classtype:trojan-activity;sid:84517000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653893)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653893/; classtype:trojan-activity;sid:84516993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653888)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653888/; classtype:trojan-activity;sid:84516988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653885)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653885/; 
classtype:trojan-activity;sid:84516985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-04-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653882/; classtype:trojan-activity;sid:84516982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653878)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.118.32.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653878/; classtype:trojan-activity;sid:84516978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653875/; classtype:trojan-activity;sid:84516975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653874)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653874/; classtype:trojan-activity;sid:84516974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3653871)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653871/; classtype:trojan-activity;sid:84516971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653867)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653867/; classtype:trojan-activity;sid:84516967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653864/; classtype:trojan-activity;sid:84516964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653863/; classtype:trojan-activity;sid:84516963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653861)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653861/; classtype:trojan-activity;sid:84516961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653858)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653858/; classtype:trojan-activity;sid:84516958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653856/; classtype:trojan-activity;sid:84516956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653853)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653853/; classtype:trojan-activity;sid:84516953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-04/info.zip"; http_uri; 
depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653852/; classtype:trojan-activity;sid:84516952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653848)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653848/; classtype:trojan-activity;sid:84516948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653849/; classtype:trojan-activity;sid:84516949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653847)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653847/; classtype:trojan-activity;sid:84516947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653841)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-06-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; 
reference:url, urlhaus.abuse.ch/url/3653841/; classtype:trojan-activity;sid:84516941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653840)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653840/; classtype:trojan-activity;sid:84516940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-10/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653839/; classtype:trojan-activity;sid:84516939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653836)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653836/; classtype:trojan-activity;sid:84516936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653831)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-04-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653831/; classtype:trojan-activity;sid:84516931; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653829)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.213.164.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653829/; classtype:trojan-activity;sid:84516929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653828)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653828/; classtype:trojan-activity;sid:84516928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653827)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653827/; classtype:trojan-activity;sid:84516927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653824)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653824/; classtype:trojan-activity;sid:84516924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-15/info.zip"; http_uri; depth:87; 
isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653823/; classtype:trojan-activity;sid:84516923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653818/; classtype:trojan-activity;sid:84516918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653819/; classtype:trojan-activity;sid:84516919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653814)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.239.7.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653814/; classtype:trojan-activity;sid:84516914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653813)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653813/; 
classtype:trojan-activity;sid:84516913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653806)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653806/; classtype:trojan-activity;sid:84516906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653799)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653799/; classtype:trojan-activity;sid:84516899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653794)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-08-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653794/; classtype:trojan-activity;sid:84516894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653792)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653792/; classtype:trojan-activity;sid:84516892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653790)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-04-01/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653790/; classtype:trojan-activity;sid:84516890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653785/; classtype:trojan-activity;sid:84516885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653783/; classtype:trojan-activity;sid:84516883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653782/; classtype:trojan-activity;sid:84516882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653781)"; 
flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653781/; classtype:trojan-activity;sid:84516881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653772)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653772/; classtype:trojan-activity;sid:84516872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653770)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653770/; classtype:trojan-activity;sid:84516870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653761/; classtype:trojan-activity;sid:84516861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653758/; classtype:trojan-activity;sid:84516858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653755)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653755/; classtype:trojan-activity;sid:84516855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653751/; classtype:trojan-activity;sid:84516851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653748)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653748/; classtype:trojan-activity;sid:84516848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653745)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653745/; classtype:trojan-activity;sid:84516845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3653743)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653743/; classtype:trojan-activity;sid:84516843; rev:1;)
# Reviewer notes for the rules in this section (all tagged created_at 2025_10_04):
#
# - Exact match only. Every URI and Host content has depth equal to its own
#   length and is followed by isdataat:!1,relative, so the pattern has to fill
#   the whole buffer. A request whose URI buffer differs by even one byte
#   (for example an appended query string) is not expected to alert.
#
# - NOTE(review): percent-escapes in http_uri. Many URI patterns below contain
#   %20 and %c3%xx escapes but are bound to http_uri, which is the normalized
#   URI buffer. If the sensor percent-decodes during normalization, the buffer
#   holds the decoded bytes and these literals cannot match; the escapes are
#   only visible in the raw buffer (http_raw_uri). Replay a sample request
#   through the sensor to confirm these rules fire before relying on them.
#
# - Cleartext HTTP only. The rules depend on the http parser and on traffic
#   going from $HOME_NET to $EXTERNAL_NET; the same URL fetched over TLS, or
#   from an address outside $HOME_NET, is outside their view.
#
# - Triage. All hosts in this section are bare IP addresses, and the feed
#   header is dated months after created_at. Treat a hit as a lead: check the
#   URLhaus entry in reference:url for current status before concluding
#   compromise.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653741/; classtype:trojan-activity;sid:84516841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-06-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653737/; classtype:trojan-activity;sid:84516837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653734/; classtype:trojan-activity;sid:84516834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653732)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653732/; classtype:trojan-activity;sid:84516832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653730/; classtype:trojan-activity;sid:84516830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653728/; classtype:trojan-activity;sid:84516828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-09-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653725/; classtype:trojan-activity;sid:84516825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653722/; classtype:trojan-activity;sid:84516822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653717)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653717/; classtype:trojan-activity;sid:84516817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653713)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653713/; classtype:trojan-activity;sid:84516813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-11-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653707/; classtype:trojan-activity;sid:84516807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653705)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653705/; classtype:trojan-activity;sid:84516805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653704)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-02-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653704/; classtype:trojan-activity;sid:84516804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653703)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653703/; classtype:trojan-activity;sid:84516803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653701)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653701/; classtype:trojan-activity;sid:84516801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-03-01/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653696/; classtype:trojan-activity;sid:84516796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653695/; classtype:trojan-activity;sid:84516795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653693/; classtype:trojan-activity;sid:84516793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653690)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653690/; classtype:trojan-activity;sid:84516790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653691)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653691/; classtype:trojan-activity;sid:84516791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653685)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653685/; classtype:trojan-activity;sid:84516785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653683/; classtype:trojan-activity;sid:84516783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653681/; classtype:trojan-activity;sid:84516781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653675/; classtype:trojan-activity;sid:84516775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653672)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653672/; classtype:trojan-activity;sid:84516772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-11-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653671/; classtype:trojan-activity;sid:84516771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653669)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653669/; classtype:trojan-activity;sid:84516769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-03-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653665/; classtype:trojan-activity;sid:84516765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653666)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653666/; classtype:trojan-activity;sid:84516766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653662)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653662/; classtype:trojan-activity;sid:84516762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653663)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653663/; classtype:trojan-activity;sid:84516763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653661)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653661/; classtype:trojan-activity;sid:84516761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653655)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653655/; classtype:trojan-activity;sid:84516755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653654)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.93.22.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653654/; classtype:trojan-activity;sid:84516754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653649/; classtype:trojan-activity;sid:84516749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653650/; classtype:trojan-activity;sid:84516750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653651)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653651/; classtype:trojan-activity;sid:84516751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653652)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.64.40.207"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653652/; classtype:trojan-activity;sid:84516752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653647)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653647/; classtype:trojan-activity;sid:84516747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653640)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653640/; classtype:trojan-activity;sid:84516740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653636/; classtype:trojan-activity;sid:84516736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653633/; classtype:trojan-activity;sid:84516733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653634)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653634/; classtype:trojan-activity;sid:84516734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653632)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653632/; classtype:trojan-activity;sid:84516732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653629)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.64.40.207"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653629/; classtype:trojan-activity;sid:84516729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653627)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653627/; classtype:trojan-activity;sid:84516727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653620)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653620/; classtype:trojan-activity;sid:84516720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653621)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653621/; classtype:trojan-activity;sid:84516721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653622)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653622/; classtype:trojan-activity;sid:84516722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653611)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653611/; classtype:trojan-activity;sid:84516711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653612)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.64.40.207"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653612/; classtype:trojan-activity;sid:84516712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653606)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653606/; classtype:trojan-activity;sid:84516706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653607)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653607/; classtype:trojan-activity;sid:84516707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653605)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653605/; classtype:trojan-activity;sid:84516705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653602)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653602/; classtype:trojan-activity;sid:84516702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653599/; classtype:trojan-activity;sid:84516699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653598/; classtype:trojan-activity;sid:84516698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-02-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653595/; classtype:trojan-activity;sid:84516695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-12-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653593/; classtype:trojan-activity;sid:84516693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-04-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653586/; classtype:trojan-activity;sid:84516686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653585/; classtype:trojan-activity;sid:84516685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653577)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653577/; classtype:trojan-activity;sid:84516677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653550)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653550/; classtype:trojan-activity;sid:84516650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653547)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653547/; classtype:trojan-activity;sid:84516647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653546/; classtype:trojan-activity;sid:84516646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653537)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653537/; classtype:trojan-activity;sid:84516637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653530)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653530/; classtype:trojan-activity;sid:84516630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653525)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653525/; classtype:trojan-activity;sid:84516625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653518/; classtype:trojan-activity;sid:84516618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653508)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653508/; classtype:trojan-activity;sid:84516608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653502)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653502/; classtype:trojan-activity;sid:84516602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653495)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-07-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653495/; classtype:trojan-activity;sid:84516595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653494)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653494/; classtype:trojan-activity;sid:84516594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653492/; classtype:trojan-activity;sid:84516592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653489)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-01-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653489/; classtype:trojan-activity;sid:84516589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653487)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653487/; classtype:trojan-activity;sid:84516587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653485)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653485/; classtype:trojan-activity;sid:84516585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-11-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653482/; classtype:trojan-activity;sid:84516582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653479)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653479/; classtype:trojan-activity;sid:84516579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653466)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653466/; classtype:trojan-activity;sid:84516566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653464)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-04-05/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653464/; classtype:trojan-activity;sid:84516564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653440)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653440/; classtype:trojan-activity;sid:84516540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653427/; classtype:trojan-activity;sid:84516527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653408)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653408/; classtype:trojan-activity;sid:84516508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653384)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653384/; classtype:trojan-activity;sid:84516484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-07-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653374/; classtype:trojan-activity;sid:84516474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653370/; classtype:trojan-activity;sid:84516470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-07-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653366/; classtype:trojan-activity;sid:84516466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653365)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-09-23/info.zip"; http_uri; depth:49;
isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653365/; classtype:trojan-activity;sid:84516465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653363)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653363/; classtype:trojan-activity;sid:84516463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653352/; classtype:trojan-activity;sid:84516452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653347/; classtype:trojan-activity;sid:84516447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653343)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-12-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653343/; classtype:trojan-activity;sid:84516443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653333)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-08-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653333/; classtype:trojan-activity;sid:84516433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653310)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653310/; classtype:trojan-activity;sid:84516410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653311)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653311/; classtype:trojan-activity;sid:84516411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3653303/; classtype:trojan-activity;sid:84516403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653304)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-10-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653304/; classtype:trojan-activity;sid:84516404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653297)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653297/; classtype:trojan-activity;sid:84516397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653293/; classtype:trojan-activity;sid:84516393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653290/; 
classtype:trojan-activity;sid:84516390; rev:1;)
# Rules in this group all name Host 177.70.102.228 and a path under /tmpftp/ ending in /info.zip.
# Both contents are exact matches: depth equals the content length and isdataat:!1,relative requires
# that nothing follows. nocase is attached to the URI content only. "alert http" limits the rules to
# traffic the sensor parses as HTTP.
#
# NOTE(review): the URI patterns containing %c3%a7, %c3%a3 or %20 are in percent-escaped form and their
# depth counts the escaped bytes. http_uri is matched against the engine's normalized URI; if the
# sensor percent-decodes that buffer, these patterns will not line up with what is inspected. Confirm
# with a replayed request, or compare against the raw-URI buffer (http_raw_uri).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653289)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-06/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653289/; classtype:trojan-activity;sid:84516389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653288)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653288/; classtype:trojan-activity;sid:84516388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653281/; classtype:trojan-activity;sid:84516381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653279)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-09-03/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653279/; classtype:trojan-activity;sid:84516379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653278/; classtype:trojan-activity;sid:84516378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653271)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653271/; classtype:trojan-activity;sid:84516371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653264)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653264/; classtype:trojan-activity;sid:84516364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653248)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653248/; classtype:trojan-activity;sid:84516348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653250/; classtype:trojan-activity;sid:84516350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653244)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-11-23/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653244/; classtype:trojan-activity;sid:84516344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653243/; classtype:trojan-activity;sid:84516343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653238)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653238/; classtype:trojan-activity;sid:84516338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653234)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653234/; classtype:trojan-activity;sid:84516334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653208)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653208/; classtype:trojan-activity;sid:84516308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653205/; classtype:trojan-activity;sid:84516305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653204)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653204/; classtype:trojan-activity;sid:84516304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653183/; classtype:trojan-activity;sid:84516283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653179/; classtype:trojan-activity;sid:84516279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653178/; classtype:trojan-activity;sid:84516278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-11-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653176/; classtype:trojan-activity;sid:84516276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653177)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-04-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653177/; classtype:trojan-activity;sid:84516277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653173/; classtype:trojan-activity;sid:84516273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-11-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653169/; classtype:trojan-activity;sid:84516269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653171/; classtype:trojan-activity;sid:84516271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653172)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653172/; classtype:trojan-activity;sid:84516272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653163/; classtype:trojan-activity;sid:84516263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653166/; classtype:trojan-activity;sid:84516266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653159/; classtype:trojan-activity;sid:84516259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653160)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/cancelamento/2021-11-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653160/; classtype:trojan-activity;sid:84516260; rev:1;)
# Rules in this group match a client GET whose URI and Host equal the listed strings exactly:
# depth equals the content length and isdataat:!1,relative requires that nothing follows the match.
# nocase is attached to the URI content only. One rule below names Host 177.70.102.232; the others
# name 177.70.102.228. "alert http" limits the rules to traffic the sensor parses as HTTP.
#
# NOTE(review): the URI patterns containing %c3%a7, %c3%a3 or %20 are in percent-escaped form and their
# depth counts the escaped bytes. http_uri is matched against the engine's normalized URI; if the
# sensor percent-decodes that buffer, these patterns will not line up with what is inspected. Confirm
# with a replayed request, or compare against the raw-URI buffer (http_raw_uri).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653161/; classtype:trojan-activity;sid:84516261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653156)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653156/; classtype:trojan-activity;sid:84516256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653155)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-10-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653155/; classtype:trojan-activity;sid:84516255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653152)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653152/; classtype:trojan-activity;sid:84516252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653151/; classtype:trojan-activity;sid:84516251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653149/; classtype:trojan-activity;sid:84516249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653148)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-10-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653148/; classtype:trojan-activity;sid:84516248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-09-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653143/; classtype:trojan-activity;sid:84516243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653140/; classtype:trojan-activity;sid:84516240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653137/; classtype:trojan-activity;sid:84516237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653136/; classtype:trojan-activity;sid:84516236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653132)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653132/; classtype:trojan-activity;sid:84516232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653114/; classtype:trojan-activity;sid:84516214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653111/; classtype:trojan-activity;sid:84516211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653107/; classtype:trojan-activity;sid:84516207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653104/; classtype:trojan-activity;sid:84516204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653097/; classtype:trojan-activity;sid:84516197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653094/; classtype:trojan-activity;sid:84516194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653079/; classtype:trojan-activity;sid:84516179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653073)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653073/; classtype:trojan-activity;sid:84516173; rev:1;)
# Host in the next rule is 177.70.102.232; the neighbouring rules use 177.70.102.228.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653069)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-05-24/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653069/; classtype:trojan-activity;sid:84516169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653066)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653066/; classtype:trojan-activity;sid:84516166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-10-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653056/; classtype:trojan-activity;sid:84516156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653054/; classtype:trojan-activity;sid:84516154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-11-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653051/; classtype:trojan-activity;sid:84516151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-11-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653047/; classtype:trojan-activity;sid:84516147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-05-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653049/; classtype:trojan-activity;sid:84516149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; 
isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653044/; classtype:trojan-activity;sid:84516144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653041/; classtype:trojan-activity;sid:84516141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653038/; classtype:trojan-activity;sid:84516138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-07-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653029/; classtype:trojan-activity;sid:84516129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-28/info.zip"; http_uri; 
depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653025/; classtype:trojan-activity;sid:84516125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-03-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653016/; classtype:trojan-activity;sid:84516116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653021/; classtype:trojan-activity;sid:84516121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653013/; classtype:trojan-activity;sid:84516113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-02-08/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653011/; classtype:trojan-activity;sid:84516111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-04-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652999/; classtype:trojan-activity;sid:84516099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653004)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653004/; classtype:trojan-activity;sid:84516104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652998/; classtype:trojan-activity;sid:84516098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2025_10_04; reference:url, urlhaus.abuse.ch/url/3652994/; classtype:trojan-activity;sid:84516094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652988/; classtype:trojan-activity;sid:84516088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652989)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652989/; classtype:trojan-activity;sid:84516089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652985/; classtype:trojan-activity;sid:84516085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3652980/; classtype:trojan-activity;sid:84516080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652976)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652976/; classtype:trojan-activity;sid:84516076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652977)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652977/; classtype:trojan-activity;sid:84516077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652970/; classtype:trojan-activity;sid:84516070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652962/; classtype:trojan-activity;sid:84516062; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652960/; classtype:trojan-activity;sid:84516060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652954/; classtype:trojan-activity;sid:84516054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-10-26/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652953/; classtype:trojan-activity;sid:84516053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652940/; classtype:trojan-activity;sid:84516040; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652935/; classtype:trojan-activity;sid:84516035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652932/; classtype:trojan-activity;sid:84516032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652933/; classtype:trojan-activity;sid:84516033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652926/; 
classtype:trojan-activity;sid:84516026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652923/; classtype:trojan-activity;sid:84516023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652921/; classtype:trojan-activity;sid:84516021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652919)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652919/; classtype:trojan-activity;sid:84516019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652920)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652920/; 
classtype:trojan-activity;sid:84516020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652895/; classtype:trojan-activity;sid:84515995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652869/; classtype:trojan-activity;sid:84515969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652865/; classtype:trojan-activity;sid:84515965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652846)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; 
reference:url, urlhaus.abuse.ch/url/3652846/; classtype:trojan-activity;sid:84515946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652851)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652851/; classtype:trojan-activity;sid:84515951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652843)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652843/; classtype:trojan-activity;sid:84515943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652837)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652837/; classtype:trojan-activity;sid:84515937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; 
reference:url, urlhaus.abuse.ch/url/3652821/; classtype:trojan-activity;sid:84515921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652803/; classtype:trojan-activity;sid:84515903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652789/; classtype:trojan-activity;sid:84515889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652777/; classtype:trojan-activity;sid:84515877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652776)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652776/; 
classtype:trojan-activity;sid:84515876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652772/; classtype:trojan-activity;sid:84515872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-08-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652767/; classtype:trojan-activity;sid:84515867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652725/; classtype:trojan-activity;sid:84515825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652723)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652723/; classtype:trojan-activity;sid:84515823; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652718/; classtype:trojan-activity;sid:84515818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652719/; classtype:trojan-activity;sid:84515819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652720/; classtype:trojan-activity;sid:84515820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652721)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652721/; 
classtype:trojan-activity;sid:84515821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652717/; classtype:trojan-activity;sid:84515817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652705)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652705/; classtype:trojan-activity;sid:84515805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652707/; classtype:trojan-activity;sid:84515807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-09-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3652702/; classtype:trojan-activity;sid:84515802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652696/; classtype:trojan-activity;sid:84515796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652692/; classtype:trojan-activity;sid:84515792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652683/; classtype:trojan-activity;sid:84515783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652675/; classtype:trojan-activity;sid:84515775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652645)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652645/; classtype:trojan-activity;sid:84515745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652637)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-05-13/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652637/; classtype:trojan-activity;sid:84515737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-03-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652640/; classtype:trojan-activity;sid:84515740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652636/; 
classtype:trojan-activity;sid:84515736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652629)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652629/; classtype:trojan-activity;sid:84515729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652618)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652618/; classtype:trojan-activity;sid:84515718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652617/; classtype:trojan-activity;sid:84515717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3652593/; classtype:trojan-activity;sid:84515693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-30/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652591/; classtype:trojan-activity;sid:84515691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652578/; classtype:trojan-activity;sid:84515678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652573/; classtype:trojan-activity;sid:84515673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652564)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652564/; 
classtype:trojan-activity;sid:84515664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652486)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652486/; classtype:trojan-activity;sid:84515586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652485)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-11-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652485/; classtype:trojan-activity;sid:84515585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652483)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652483/; classtype:trojan-activity;sid:84515583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652484)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652484/; classtype:trojan-activity;sid:84515584; rev:1;) 
# NOTE(review): each of the four rules below matches exactly one URL on host 177.70.102.228.
# In every rule, depth equals the content length and isdataat:!1,relative requires that no
# byte follows the match, so a request with an added query string or any path change does
# not alert.
# NOTE(review): the URI contents contain percent-encoded bytes (%20, %c3%a7, %c3%a3, %c3%aa)
# but are matched against http_uri. Suricata documents http_uri as the normalized URI, in
# which escapes such as %20 are decoded, and http_raw_uri as the buffer for literal escapes.
# Confirm against the deployed engine and its HTTP normalization settings, and validate
# these sids with a test capture before relying on them for coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/es/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652482/; classtype:trojan-activity;sid:84515582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652481)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652481/; classtype:trojan-activity;sid:84515581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652480)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652480/; classtype:trojan-activity;sid:84515580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652478)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652478/; classtype:trojan-activity;sid:84515578; rev:1;)
alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652476)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-02-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652476/; classtype:trojan-activity;sid:84515576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652474)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-07-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652474/; classtype:trojan-activity;sid:84515574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652475)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-10/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652475/; classtype:trojan-activity;sid:84515575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652473)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652473/; classtype:trojan-activity;sid:84515573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652472)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-09-26/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652472/; classtype:trojan-activity;sid:84515572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652471/; classtype:trojan-activity;sid:84515571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652470)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652470/; classtype:trojan-activity;sid:84515570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652467)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-05-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652467/; classtype:trojan-activity;sid:84515567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652468)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/01/cancelamento/2023-05-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652468/; classtype:trojan-activity;sid:84515568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652469)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652469/; classtype:trojan-activity;sid:84515569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652464)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652464/; classtype:trojan-activity;sid:84515564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652465)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-04-03/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652465/; classtype:trojan-activity;sid:84515565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652463)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652463/; classtype:trojan-activity;sid:84515563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652462)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652462/; classtype:trojan-activity;sid:84515562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652461)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652461/; classtype:trojan-activity;sid:84515561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652460)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652460/; classtype:trojan-activity;sid:84515560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652458)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652458/; classtype:trojan-activity;sid:84515558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652459)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652459/; classtype:trojan-activity;sid:84515559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652457)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652457/; classtype:trojan-activity;sid:84515557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652456)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-09-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652456/; classtype:trojan-activity;sid:84515556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652455)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652455/; classtype:trojan-activity;sid:84515555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652454)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-03-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652454/; classtype:trojan-activity;sid:84515554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652453)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652453/; classtype:trojan-activity;sid:84515553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652451)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-01-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652451/; classtype:trojan-activity;sid:84515551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652452)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-10/info.zip"; http_uri; 
depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652452/; classtype:trojan-activity;sid:84515552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652449)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652449/; classtype:trojan-activity;sid:84515549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652445)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652445/; classtype:trojan-activity;sid:84515545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652446)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652446/; classtype:trojan-activity;sid:84515546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652447)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652447/; classtype:trojan-activity;sid:84515547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652448)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652448/; classtype:trojan-activity;sid:84515548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652442)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-07-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652442/; classtype:trojan-activity;sid:84515542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652444)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652444/; classtype:trojan-activity;sid:84515544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652441)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652441/; classtype:trojan-activity;sid:84515541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652439)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652439/; classtype:trojan-activity;sid:84515539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652437)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652437/; classtype:trojan-activity;sid:84515537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652438)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652438/; classtype:trojan-activity;sid:84515538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652436)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652436/; classtype:trojan-activity;sid:84515536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652435)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652435/; classtype:trojan-activity;sid:84515535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652434)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652434/; classtype:trojan-activity;sid:84515534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652433)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652433/; classtype:trojan-activity;sid:84515533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652432)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652432/; classtype:trojan-activity;sid:84515532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652431)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652431/; classtype:trojan-activity;sid:84515531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652430)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652430/; classtype:trojan-activity;sid:84515530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652429)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652429/; classtype:trojan-activity;sid:84515529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3652427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652427/; classtype:trojan-activity;sid:84515527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652428)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-10-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652428/; classtype:trojan-activity;sid:84515528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652426)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652426/; classtype:trojan-activity;sid:84515526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652425)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-02-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652425/; classtype:trojan-activity;sid:84515525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652424)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652424/; classtype:trojan-activity;sid:84515524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652423)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652423/; classtype:trojan-activity;sid:84515523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652421)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-04-26/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652421/; classtype:trojan-activity;sid:84515521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652422)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652422/; classtype:trojan-activity;sid:84515522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652419)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652419/; classtype:trojan-activity;sid:84515519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652420)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-03-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652420/; classtype:trojan-activity;sid:84515520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652417)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652417/; classtype:trojan-activity;sid:84515517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652418)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652418/; classtype:trojan-activity;sid:84515518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652415)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652415/; classtype:trojan-activity;sid:84515515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652416)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-12-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652416/; classtype:trojan-activity;sid:84515516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652414)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652414/; classtype:trojan-activity;sid:84515514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652413)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652413/; classtype:trojan-activity;sid:84515513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652412)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652412/; classtype:trojan-activity;sid:84515512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652411/; classtype:trojan-activity;sid:84515511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652408)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652408/; classtype:trojan-activity;sid:84515508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652404)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652404/; classtype:trojan-activity;sid:84515504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652407)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/cancelamento/2023-03-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652407/; classtype:trojan-activity;sid:84515507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652402)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652402/; classtype:trojan-activity;sid:84515502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652403)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652403/; classtype:trojan-activity;sid:84515503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652401)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652401/; classtype:trojan-activity;sid:84515501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652399)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652399/; classtype:trojan-activity;sid:84515499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652400)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652400/; classtype:trojan-activity;sid:84515500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652397)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652397/; classtype:trojan-activity;sid:84515497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652398)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652398/; classtype:trojan-activity;sid:84515498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652395)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652395/; classtype:trojan-activity;sid:84515495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652396)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-29/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652396/; classtype:trojan-activity;sid:84515496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652391)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-01-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652391/; classtype:trojan-activity;sid:84515491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652392)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652392/; classtype:trojan-activity;sid:84515492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652390)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652390/; classtype:trojan-activity;sid:84515490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652389)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652389/; classtype:trojan-activity;sid:84515489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652386)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652386/; classtype:trojan-activity;sid:84515486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652387/; classtype:trojan-activity;sid:84515487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652384)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-11-08/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652384/; classtype:trojan-activity;sid:84515484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652383/; classtype:trojan-activity;sid:84515483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-09-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652380/; classtype:trojan-activity;sid:84515480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652381)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652381/; classtype:trojan-activity;sid:84515481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652382)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652382/; classtype:trojan-activity;sid:84515482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652377)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652377/; classtype:trojan-activity;sid:84515477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652378)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652378/; classtype:trojan-activity;sid:84515478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652376)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652376/; classtype:trojan-activity;sid:84515476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652375)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652375/; classtype:trojan-activity;sid:84515475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652373)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652373/; classtype:trojan-activity;sid:84515473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652374/; classtype:trojan-activity;sid:84515474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652372)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-05-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652372/; classtype:trojan-activity;sid:84515472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652371)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652371/; classtype:trojan-activity;sid:84515471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652370/; classtype:trojan-activity;sid:84515470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652368/; classtype:trojan-activity;sid:84515468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652369)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652369/; classtype:trojan-activity;sid:84515469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652367)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-02-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652367/; classtype:trojan-activity;sid:84515467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652366/; classtype:trojan-activity;sid:84515466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652365)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652365/; classtype:trojan-activity;sid:84515465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652363)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-12-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652363/; classtype:trojan-activity;sid:84515463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652364)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652364/; classtype:trojan-activity;sid:84515464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652360)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-10-13/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652360/; classtype:trojan-activity;sid:84515460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652359)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652359/; classtype:trojan-activity;sid:84515459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652358)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-09-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652358/; classtype:trojan-activity;sid:84515458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652357)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-03/info.zip"; http_uri; 
depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652357/; classtype:trojan-activity;sid:84515457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652356)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652356/; classtype:trojan-activity;sid:84515456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652353/; classtype:trojan-activity;sid:84515453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652354)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652354/; classtype:trojan-activity;sid:84515454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652349)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652349/; classtype:trojan-activity;sid:84515449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652351)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652351/; classtype:trojan-activity;sid:84515451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652352/; classtype:trojan-activity;sid:84515452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652348)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652348/; classtype:trojan-activity;sid:84515448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652346)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; 
content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652346/; classtype:trojan-activity;sid:84515446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652342)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-10-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652342/; classtype:trojan-activity;sid:84515442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652343)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652343/; classtype:trojan-activity;sid:84515443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652344)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652344/; classtype:trojan-activity;sid:84515444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652345)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; 
isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652345/; classtype:trojan-activity;sid:84515445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652340)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652340/; classtype:trojan-activity;sid:84515440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652336)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652336/; classtype:trojan-activity;sid:84515436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652337)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652337/; classtype:trojan-activity;sid:84515437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652338)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652338/; classtype:trojan-activity;sid:84515438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652339)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652339/; classtype:trojan-activity;sid:84515439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652335)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652335/; classtype:trojan-activity;sid:84515435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652333)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652333/; classtype:trojan-activity;sid:84515433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652331)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/cancelamento/2022-12-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652331/; classtype:trojan-activity;sid:84515431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652326)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652326/; classtype:trojan-activity;sid:84515426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652327)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652327/; classtype:trojan-activity;sid:84515427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652328)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652328/; classtype:trojan-activity;sid:84515428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652329)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652329/; classtype:trojan-activity;sid:84515429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652330)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-11-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652330/; classtype:trojan-activity;sid:84515430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652324)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-09-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652324/; classtype:trojan-activity;sid:84515424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652323)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652323/; classtype:trojan-activity;sid:84515423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652322)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652322/; classtype:trojan-activity;sid:84515422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652320)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652320/; classtype:trojan-activity;sid:84515420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652321)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-03-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652321/; classtype:trojan-activity;sid:84515421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652318)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652318/; classtype:trojan-activity;sid:84515418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652319)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652319/; classtype:trojan-activity;sid:84515419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652317)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652317/; classtype:trojan-activity;sid:84515417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652316)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652316/; classtype:trojan-activity;sid:84515416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652314)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652314/; classtype:trojan-activity;sid:84515414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652312)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652312/; classtype:trojan-activity;sid:84515412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652313)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-06-04/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652313/; classtype:trojan-activity;sid:84515413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652309)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652309/; classtype:trojan-activity;sid:84515409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652307)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652307/; classtype:trojan-activity;sid:84515407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652305)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/01/cancelamento/2019-10-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652305/; classtype:trojan-activity;sid:84515405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652306)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652306/; classtype:trojan-activity;sid:84515406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652304)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652304/; classtype:trojan-activity;sid:84515404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652303/; classtype:trojan-activity;sid:84515403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652300)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652300/; classtype:trojan-activity;sid:84515400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652301)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-28/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652301/; classtype:trojan-activity;sid:84515401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652302)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652302/; classtype:trojan-activity;sid:84515402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652296)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-04-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652296/; classtype:trojan-activity;sid:84515396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652294)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652294/; classtype:trojan-activity;sid:84515394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652295)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652295/; classtype:trojan-activity;sid:84515395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652293/; classtype:trojan-activity;sid:84515393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652292)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-01-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652292/; classtype:trojan-activity;sid:84515392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652291)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-08-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652291/; classtype:trojan-activity;sid:84515391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652290/; classtype:trojan-activity;sid:84515390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652289)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652289/; classtype:trojan-activity;sid:84515389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652288)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652288/; classtype:trojan-activity;sid:84515388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652287)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; 
depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652287/; classtype:trojan-activity;sid:84515387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652286)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652286/; classtype:trojan-activity;sid:84515386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652285)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652285/; classtype:trojan-activity;sid:84515385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652284)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-11-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652284/; classtype:trojan-activity;sid:84515384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652282)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; 
content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652282/; classtype:trojan-activity;sid:84515382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652283)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652283/; classtype:trojan-activity;sid:84515383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652281/; classtype:trojan-activity;sid:84515381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652279)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652279/; classtype:trojan-activity;sid:84515379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652277)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652277/; classtype:trojan-activity;sid:84515377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652278/; classtype:trojan-activity;sid:84515378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652275)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652275/; classtype:trojan-activity;sid:84515375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652276)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652276/; classtype:trojan-activity;sid:84515376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652273)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; 
content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652273/; classtype:trojan-activity;sid:84515373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652274)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652274/; classtype:trojan-activity;sid:84515374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652272)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652272/; classtype:trojan-activity;sid:84515372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652270/; classtype:trojan-activity;sid:84515370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652269)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-29/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; 
reference:url, urlhaus.abuse.ch/url/3652269/; classtype:trojan-activity;sid:84515369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652268)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652268/; classtype:trojan-activity;sid:84515368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652265)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-10-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652265/; classtype:trojan-activity;sid:84515365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652264)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652264/; classtype:trojan-activity;sid:84515364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652263)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652263/; 
classtype:trojan-activity;sid:84515363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652262)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652262/; classtype:trojan-activity;sid:84515362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652261)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652261/; classtype:trojan-activity;sid:84515361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652260)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652260/; classtype:trojan-activity;sid:84515360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652257)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652257/; 
classtype:trojan-activity;sid:84515357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652256)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-03-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652256/; classtype:trojan-activity;sid:84515356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652255)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652255/; classtype:trojan-activity;sid:84515355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-11-25/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652250/; classtype:trojan-activity;sid:84515350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652247)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652247/; classtype:trojan-activity;sid:84515347; rev:1;) 
# URLhaus exact-URL indicators: four download URLs on host 177.70.102.228,
# one rule per URLhaus entry. The rules differ only in the URI path, the
# URLhaus id in msg/reference, and the sid.
#
# Match logic (identical in every rule): established client-to-server flow
# from $HOME_NET to $EXTERNAL_NET, method GET, then one pattern in http_uri
# and one in http_host. Each depth:N equals the length of its pattern and
# isdataat:!1,relative requires that no byte follows the match, so each
# buffer has to equal its pattern exactly. nocase is written after isdataat;
# presumably it applies to the URI pattern before it (the host pattern
# carries none) - confirm against the engine in use.
#
# Triage: sid = URLhaus id + 80863100 in these rules, and reference: points at
# the URLhaus entry. created_at is 2025_10_04, so check the entry's current
# status before treating a hit as a live infection.
#
# Coverage: these are whole-URL IOC matches on traffic parsed as HTTP. Any
# other URL on the same host is out of scope for these rules, and the same
# path fetched over TLS is not inspected unless traffic is decrypted before
# the sensor; host-level coverage needs a separate rule or blocklist entry.
#
# NOTE(review): the URI patterns carry percent-escapes (%c3%a7, %c3%a3, %20)
# as literal text, and depth counts them that way, while http_uri is the
# normalized URI buffer. Confirm with a test capture that the sensor's
# normalization leaves the escapes undecoded; if it decodes them, these
# patterns belong on the raw-URI buffer (http_raw_uri) instead.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652248)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652248/; classtype:trojan-activity;sid:84515348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652249)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652249/; classtype:trojan-activity;sid:84515349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652246)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-12-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652246/; classtype:trojan-activity;sid:84515346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652245)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652245/; classtype:trojan-activity;sid:84515345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652244)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652244/; classtype:trojan-activity;sid:84515344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-09-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652243/; classtype:trojan-activity;sid:84515343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652241)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652241/; classtype:trojan-activity;sid:84515341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652242/; classtype:trojan-activity;sid:84515342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3652239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-10/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652239/; classtype:trojan-activity;sid:84515339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652240)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652240/; classtype:trojan-activity;sid:84515340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652238)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652238/; classtype:trojan-activity;sid:84515338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652237)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652237/; classtype:trojan-activity;sid:84515337; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652236)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-07-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652236/; classtype:trojan-activity;sid:84515336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652235)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652235/; classtype:trojan-activity;sid:84515335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652234)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-03-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652234/; classtype:trojan-activity;sid:84515334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652232)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652232/; classtype:trojan-activity;sid:84515332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652233)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652233/; classtype:trojan-activity;sid:84515333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652230)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652230/; classtype:trojan-activity;sid:84515330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652231)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652231/; classtype:trojan-activity;sid:84515331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652229)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-12/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652229/; classtype:trojan-activity;sid:84515329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652225)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/consulta/2019-06-25/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652225/; classtype:trojan-activity;sid:84515325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652223)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652223/; classtype:trojan-activity;sid:84515323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652221)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652221/; classtype:trojan-activity;sid:84515321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652222)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652222/; classtype:trojan-activity;sid:84515322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652219)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652219/; classtype:trojan-activity;sid:84515319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652220)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652220/; classtype:trojan-activity;sid:84515320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652218)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652218/; classtype:trojan-activity;sid:84515318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652217)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652217/; classtype:trojan-activity;sid:84515317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652216)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652216/; classtype:trojan-activity;sid:84515316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652214)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652214/; classtype:trojan-activity;sid:84515314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652215)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-02-01/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652215/; classtype:trojan-activity;sid:84515315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652213/; classtype:trojan-activity;sid:84515313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652211)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652211/; classtype:trojan-activity;sid:84515311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652210)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652210/; classtype:trojan-activity;sid:84515310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652209)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652209/; classtype:trojan-activity;sid:84515309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652208)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652208/; classtype:trojan-activity;sid:84515308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652206)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/consulta/2022-03-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652206/; classtype:trojan-activity;sid:84515306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652207)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652207/; classtype:trojan-activity;sid:84515307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652205/; classtype:trojan-activity;sid:84515305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652204)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652204/; classtype:trojan-activity;sid:84515304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652203)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/cancelamento/2022-08-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652203/; classtype:trojan-activity;sid:84515303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652201)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652201/; classtype:trojan-activity;sid:84515301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652198)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652198/; classtype:trojan-activity;sid:84515298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652200)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652200/; classtype:trojan-activity;sid:84515300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652197)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; 
isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652197/; classtype:trojan-activity;sid:84515297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652196/; classtype:trojan-activity;sid:84515296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652193)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652193/; classtype:trojan-activity;sid:84515293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652194)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-08/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652194/; classtype:trojan-activity;sid:84515294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652186)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652186/; classtype:trojan-activity;sid:84515286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652187/; classtype:trojan-activity;sid:84515287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652188)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652188/; classtype:trojan-activity;sid:84515288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652189)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652189/; classtype:trojan-activity;sid:84515289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652190)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-28/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; 
content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652190/; classtype:trojan-activity;sid:84515290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652191)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652191/; classtype:trojan-activity;sid:84515291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652185)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652185/; classtype:trojan-activity;sid:84515285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652184)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652184/; classtype:trojan-activity;sid:84515284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652183/; classtype:trojan-activity;sid:84515283; rev:1;)
# Review notes (comments only; rule text is unchanged and laid out one rule per line).
# The line above is the tail of a rule that starts earlier in the file, and the last
# line of this span is the head of a rule that continues after it.
#
# How these rules match: each one is an exact-URL indicator. The http_uri content is
# anchored with depth equal to its own length and isdataat:!1,relative (no byte may
# follow it), and the http_host content is anchored the same way. An alert therefore
# means "this exact listed URL was requested over HTTP"; the absence of an alert says
# nothing about other paths on the same host.
# "alert http" together with content:"GET"; http_method limits inspection to cleartext
# HTTP GET requests going from $HOME_NET to $EXTERNAL_NET.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652181)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652181/; classtype:trojan-activity;sid:84515281; rev:1;)
# NOTE(review): the http_uri content in the next rule, and in every other rule here
# whose path contains %c3%a7%c3%a3o or %20, is written in percent-encoded form, and
# depth:87 is the length of that encoded form. http_uri is documented as the
# normalized URI buffer in both Snort 2 and Suricata; if the sensor decodes
# percent-escapes during normalization, the buffer holds the decoded bytes and this
# content cannot match. Confirm with a test request or pcap on the deployed engine;
# http_raw_uri is the buffer that keeps the URI as sent.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652180)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652180/; classtype:trojan-activity;sid:84515280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652179/; classtype:trojan-activity;sid:84515279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652176/; classtype:trojan-activity;sid:84515276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652177)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652177/; classtype:trojan-activity;sid:84515277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652178/; classtype:trojan-activity;sid:84515278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652175)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652175/; classtype:trojan-activity;sid:84515275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652174)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652174/; classtype:trojan-activity;sid:84515274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652173/; classtype:trojan-activity;sid:84515273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652171/; classtype:trojan-activity;sid:84515271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652169/; classtype:trojan-activity;sid:84515269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652167/; classtype:trojan-activity;sid:84515267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652166/; classtype:trojan-activity;sid:84515266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652165/; classtype:trojan-activity;sid:84515265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652164)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652164/; classtype:trojan-activity;sid:84515264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652162)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652162/; 
classtype:trojan-activity;sid:84515262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652160/; classtype:trojan-activity;sid:84515260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652157)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652157/; classtype:trojan-activity;sid:84515257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652158/; classtype:trojan-activity;sid:84515258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; 
reference:url, urlhaus.abuse.ch/url/3652159/; classtype:trojan-activity;sid:84515259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652156)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652156/; classtype:trojan-activity;sid:84515256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652154)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652154/; classtype:trojan-activity;sid:84515254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652152)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652152/; classtype:trojan-activity;sid:84515252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652153)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3652153/; classtype:trojan-activity;sid:84515253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652151/; classtype:trojan-activity;sid:84515251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652150)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652150/; classtype:trojan-activity;sid:84515250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652147)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-08-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652147/; classtype:trojan-activity;sid:84515247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652149/; 
classtype:trojan-activity;sid:84515249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652144)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652144/; classtype:trojan-activity;sid:84515244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652145/; classtype:trojan-activity;sid:84515245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652146)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652146/; classtype:trojan-activity;sid:84515246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652141)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3652141/; classtype:trojan-activity;sid:84515241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-10-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652143/; classtype:trojan-activity;sid:84515243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652138)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652138/; classtype:trojan-activity;sid:84515238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652140/; classtype:trojan-activity;sid:84515240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3652136/; classtype:trojan-activity;sid:84515236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652137/; classtype:trojan-activity;sid:84515237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652135/; classtype:trojan-activity;sid:84515235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652132)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652132/; classtype:trojan-activity;sid:84515232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652134)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652134/; classtype:trojan-activity;sid:84515234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652128/; classtype:trojan-activity;sid:84515228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652129/; classtype:trojan-activity;sid:84515229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652130/; classtype:trojan-activity;sid:84515230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652131)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652131/; classtype:trojan-activity;sid:84515231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652126)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652126/; classtype:trojan-activity;sid:84515226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652122)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652122/; classtype:trojan-activity;sid:84515222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652124/; classtype:trojan-activity;sid:84515224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652121)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-03-24/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652121/; classtype:trojan-activity;sid:84515221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652120/; classtype:trojan-activity;sid:84515220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652119/; classtype:trojan-activity;sid:84515219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652112/; classtype:trojan-activity;sid:84515212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652113)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652113/; classtype:trojan-activity;sid:84515213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652114/; classtype:trojan-activity;sid:84515214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652115)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652115/; classtype:trojan-activity;sid:84515215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652116)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652116/; classtype:trojan-activity;sid:84515216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652118/; 
classtype:trojan-activity;sid:84515218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652108/; classtype:trojan-activity;sid:84515208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652109)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652109/; classtype:trojan-activity;sid:84515209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652110)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-11-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652110/; classtype:trojan-activity;sid:84515210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652111/; classtype:trojan-activity;sid:84515211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3652107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652107/; classtype:trojan-activity;sid:84515207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652105/; classtype:trojan-activity;sid:84515205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652106/; classtype:trojan-activity;sid:84515206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652103)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652103/; classtype:trojan-activity;sid:84515203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3652104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652104/; classtype:trojan-activity;sid:84515204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652101)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652101/; classtype:trojan-activity;sid:84515201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-10-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652099/; classtype:trojan-activity;sid:84515199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652100)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652100/; classtype:trojan-activity;sid:84515200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652098)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652098/; classtype:trojan-activity;sid:84515198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652097/; classtype:trojan-activity;sid:84515197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652095/; classtype:trojan-activity;sid:84515195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-04-24/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652094/; classtype:trojan-activity;sid:84515194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652091)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652091/; classtype:trojan-activity;sid:84515191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652092/; classtype:trojan-activity;sid:84515192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652090/; classtype:trojan-activity;sid:84515190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-01-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652084/; classtype:trojan-activity;sid:84515184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-05-24/info.zip"; http_uri; depth:62; 
isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652086/; classtype:trojan-activity;sid:84515186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-12-27/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652088/; classtype:trojan-activity;sid:84515188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652089/; classtype:trojan-activity;sid:84515189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-08-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652082/; classtype:trojan-activity;sid:84515182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; 
reference:url, urlhaus.abuse.ch/url/3652083/; classtype:trojan-activity;sid:84515183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652078/; classtype:trojan-activity;sid:84515178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-03-17/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652079/; classtype:trojan-activity;sid:84515179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652075)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652075/; classtype:trojan-activity;sid:84515175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3652076/; classtype:trojan-activity;sid:84515176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652077/; classtype:trojan-activity;sid:84515177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652070/; classtype:trojan-activity;sid:84515170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652071/; classtype:trojan-activity;sid:84515171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-11-23/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3652067/; classtype:trojan-activity;sid:84515167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652068/; classtype:trojan-activity;sid:84515168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652060/; classtype:trojan-activity;sid:84515160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-10-24/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652061/; classtype:trojan-activity;sid:84515161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652063)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-27/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652063/; 
classtype:trojan-activity;sid:84515163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652064)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652064/; classtype:trojan-activity;sid:84515164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-11-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652065/; classtype:trojan-activity;sid:84515165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652066)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652066/; classtype:trojan-activity;sid:84515166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652057)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652057/; classtype:trojan-activity;sid:84515157; rev:1;) 
# NOTE(review): how the signatures below match, and where they can miss.
# - Each rule pins the complete request path in http_uri and the complete Host
#   value in http_host: depth equals the content length and isdataat:!1,relative
#   requires that nothing follows, so only the exact listed URL on 177.70.102.228
#   matches. A query string or a different Host spelling would not match.
# - Some paths are written with percent-escapes (%20, %c3%a7, %c3%a3) and their
#   depth (62, 87) counts the escaped length. http_uri is the normalized URI
#   buffer, in which escapes are normally decoded before matching, so these
#   rules may never fire as written. Matching http_raw_uri instead, or writing
#   the decoded bytes (|20|, |c3 a7|, |c3 a3|) with a recomputed depth, would be
#   the usual fix. TODO: confirm against the deployed engine and version.
# - The rules inspect only the client side of a cleartext HTTP GET
#   (alert http, flow:established,from_client). An alert records that the request
#   was sent; whether the archive was delivered has to be confirmed from the
#   response or from the host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652058/; classtype:trojan-activity;sid:84515158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652054/; classtype:trojan-activity;sid:84515154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-08-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652048/; classtype:trojan-activity;sid:84515148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652049/; classtype:trojan-activity;sid:84515149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3652050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652050/; classtype:trojan-activity;sid:84515150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652051/; classtype:trojan-activity;sid:84515151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652052)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652052/; classtype:trojan-activity;sid:84515152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652045)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-02-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652045/; classtype:trojan-activity;sid:84515145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652046)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-06-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652046/; classtype:trojan-activity;sid:84515146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652042/; classtype:trojan-activity;sid:84515142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652043)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652043/; classtype:trojan-activity;sid:84515143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652041/; classtype:trojan-activity;sid:84515141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652039)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652039/; classtype:trojan-activity;sid:84515139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652040)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-07-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652040/; classtype:trojan-activity;sid:84515140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652036/; classtype:trojan-activity;sid:84515136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-05-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652037/; classtype:trojan-activity;sid:84515137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652038)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/cancelamento/2025-01-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652038/; classtype:trojan-activity;sid:84515138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-12-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652034/; classtype:trojan-activity;sid:84515134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652025/; classtype:trojan-activity;sid:84515125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652026/; classtype:trojan-activity;sid:84515126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652027)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652027/; classtype:trojan-activity;sid:84515127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652028/; classtype:trojan-activity;sid:84515128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652029/; classtype:trojan-activity;sid:84515129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652030/; classtype:trojan-activity;sid:84515130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652031)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652031/; classtype:trojan-activity;sid:84515131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652024)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-07-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652024/; classtype:trojan-activity;sid:84515124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652023/; classtype:trojan-activity;sid:84515123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652022/; classtype:trojan-activity;sid:84515122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652021)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/01/cancelamento/2021-09-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652021/; classtype:trojan-activity;sid:84515121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652014)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652014/; classtype:trojan-activity;sid:84515114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652015/; classtype:trojan-activity;sid:84515115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652016/; classtype:trojan-activity;sid:84515116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652017)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652017/; classtype:trojan-activity;sid:84515117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652018)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-06-14/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652018/; classtype:trojan-activity;sid:84515118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652019)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652019/; classtype:trojan-activity;sid:84515119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652020/; classtype:trojan-activity;sid:84515120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652012)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/consulta/2020-11-18/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652012/; classtype:trojan-activity;sid:84515112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652013/; classtype:trojan-activity;sid:84515113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652007/; classtype:trojan-activity;sid:84515107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652008/; classtype:trojan-activity;sid:84515108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652009)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/cancelamento/2024-04-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652009/; classtype:trojan-activity;sid:84515109; rev:1;)
# URLhaus feed rules for download URLs served from host 177.70.102.228
# (every rule in this run carries created_at 2025_10_04).
# Each rule alerts on an established, client-to-server HTTP GET from $HOME_NET to
# $EXTERNAL_NET whose URI and Host both equal the listed strings exactly:
# `depth` is the pattern length and `isdataat:!1,relative` requires that no byte
# follows the match, so a request carrying a query string or any other suffix does
# not match. `nocase` applies to the URI pattern. In every rule shown here
# sid = URLhaus id + 80863100, and `reference` points at the matching URLhaus entry.
# NOTE(review): many URI patterns below contain percent-escapes (%20, %c3%a7, %c3%a3,
# %c3%aa) but are matched with `http_uri`. In Suricata (and Snort 2.x) that buffer is
# the normalized, percent-decoded URI, so these patterns presumably never match;
# `http_raw_uri` is the undecoded buffer. Confirm on the deployed engine by replaying
# a sample request before counting these sids as coverage.
# NOTE(review): `alert http` inspects cleartext HTTP only; traffic to the same host
# over TLS is outside these rules. Pair with host/IP-level detection if that matters.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652010)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652010/; classtype:trojan-activity;sid:84515110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652005/; classtype:trojan-activity;sid:84515105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652006)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-03-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652006/; classtype:trojan-activity;sid:84515106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652003/; classtype:trojan-activity;sid:84515103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652002)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652002/; classtype:trojan-activity;sid:84515102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652000)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652000/; classtype:trojan-activity;sid:84515100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651998/; classtype:trojan-activity;sid:84515098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651999/; classtype:trojan-activity;sid:84515099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651993)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651993/; classtype:trojan-activity;sid:84515093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651994/; classtype:trojan-activity;sid:84515094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651995/; classtype:trojan-activity;sid:84515095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651996/; classtype:trojan-activity;sid:84515096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651997)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-07-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651997/; classtype:trojan-activity;sid:84515097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651991/; classtype:trojan-activity;sid:84515091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651992/; classtype:trojan-activity;sid:84515092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651989)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651989/; classtype:trojan-activity;sid:84515089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651990)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651990/; classtype:trojan-activity;sid:84515090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651987/; classtype:trojan-activity;sid:84515087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651981/; classtype:trojan-activity;sid:84515081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-09-02/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651982/; classtype:trojan-activity;sid:84515082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651983)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-07-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651983/; classtype:trojan-activity;sid:84515083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-03-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651985/; classtype:trojan-activity;sid:84515085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-08-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651986/; classtype:trojan-activity;sid:84515086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651978/; classtype:trojan-activity;sid:84515078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-12-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651980/; classtype:trojan-activity;sid:84515080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651969)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-03-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651969/; classtype:trojan-activity;sid:84515069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651970/; classtype:trojan-activity;sid:84515070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651971)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-07-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651971/; classtype:trojan-activity;sid:84515071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-02-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651972/; classtype:trojan-activity;sid:84515072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651973/; classtype:trojan-activity;sid:84515073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651974)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651974/; classtype:trojan-activity;sid:84515074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651975)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651975/; classtype:trojan-activity;sid:84515075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651976)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651976/; classtype:trojan-activity;sid:84515076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651977)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651977/; classtype:trojan-activity;sid:84515077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651967)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651967/; classtype:trojan-activity;sid:84515067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-09-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651968/; classtype:trojan-activity;sid:84515068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651965)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651965/; classtype:trojan-activity;sid:84515065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651966/; classtype:trojan-activity;sid:84515066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651963/; classtype:trojan-activity;sid:84515063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-09-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651964/; classtype:trojan-activity;sid:84515064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651959/; classtype:trojan-activity;sid:84515059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651960/; classtype:trojan-activity;sid:84515060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651961/; classtype:trojan-activity;sid:84515061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651962/; classtype:trojan-activity;sid:84515062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651958/; classtype:trojan-activity;sid:84515058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651956/; classtype:trojan-activity;sid:84515056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651957/; classtype:trojan-activity;sid:84515057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651955/; classtype:trojan-activity;sid:84515055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651954/; classtype:trojan-activity;sid:84515054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651952/; classtype:trojan-activity;sid:84515052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651953/; classtype:trojan-activity;sid:84515053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651951)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651951/; classtype:trojan-activity;sid:84515051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651949/; classtype:trojan-activity;sid:84515049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651950)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651950/; classtype:trojan-activity;sid:84515050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651944)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651944/; classtype:trojan-activity;sid:84515044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651945)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651945/; classtype:trojan-activity;sid:84515045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651946)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/9929/11032020101348/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651946/; classtype:trojan-activity;sid:84515046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651947)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-09-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651947/; classtype:trojan-activity;sid:84515047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651948)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651948/; classtype:trojan-activity;sid:84515048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651942/; classtype:trojan-activity;sid:84515042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651937)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651937/; classtype:trojan-activity;sid:84515037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651938)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651938/; classtype:trojan-activity;sid:84515038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651939)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651939/; classtype:trojan-activity;sid:84515039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651941)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651941/; classtype:trojan-activity;sid:84515041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651933/; classtype:trojan-activity;sid:84515033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651934)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-10-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651934/; classtype:trojan-activity;sid:84515034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651935/; classtype:trojan-activity;sid:84515035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651936)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-01-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651936/; classtype:trojan-activity;sid:84515036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651931/; classtype:trojan-activity;sid:84515031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651932/; classtype:trojan-activity;sid:84515032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651930/; classtype:trojan-activity;sid:84515030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651928/; classtype:trojan-activity;sid:84515028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651929)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651929/; classtype:trojan-activity;sid:84515029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-03-18/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651926/; classtype:trojan-activity;sid:84515026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651927/; classtype:trojan-activity;sid:84515027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651921/; classtype:trojan-activity;sid:84515021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651922)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651922/; classtype:trojan-activity;sid:84515022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651923/; classtype:trojan-activity;sid:84515023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651924)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651924/; classtype:trojan-activity;sid:84515024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651925)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651925/; classtype:trojan-activity;sid:84515025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651915)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651915/; classtype:trojan-activity;sid:84515015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651916)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651916/; classtype:trojan-activity;sid:84515016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651917)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651917/; classtype:trojan-activity;sid:84515017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651913)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651913/; classtype:trojan-activity;sid:84515013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL
detected (3651914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651914/; classtype:trojan-activity;sid:84515014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-12-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651909/; classtype:trojan-activity;sid:84515009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651910)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-22/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651910/; classtype:trojan-activity;sid:84515010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651912/; classtype:trojan-activity;sid:84515012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651905)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651905/; classtype:trojan-activity;sid:84515005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651906)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651906/; classtype:trojan-activity;sid:84515006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651907)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651907/; classtype:trojan-activity;sid:84515007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651901)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651901/; classtype:trojan-activity;sid:84515001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651902)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-11-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651902/; classtype:trojan-activity;sid:84515002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651899/; classtype:trojan-activity;sid:84514999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651896)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-09-08/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651896/; classtype:trojan-activity;sid:84514996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651897/; classtype:trojan-activity;sid:84514997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651898)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651898/; classtype:trojan-activity;sid:84514998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651894/; classtype:trojan-activity;sid:84514994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651895/; classtype:trojan-activity;sid:84514995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651892)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160618/td00000000000000159843/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651892/; classtype:trojan-activity;sid:84514992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651893)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651893/; classtype:trojan-activity;sid:84514993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651890)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651890/; classtype:trojan-activity;sid:84514990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651891)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651891/; classtype:trojan-activity;sid:84514991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651887/; classtype:trojan-activity;sid:84514987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651888)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651888/; classtype:trojan-activity;sid:84514988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651889)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651889/; classtype:trojan-activity;sid:84514989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651883)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651883/; classtype:trojan-activity;sid:84514983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651884/; classtype:trojan-activity;sid:84514984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651885)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-07-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651885/; classtype:trojan-activity;sid:84514985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651881/; classtype:trojan-activity;sid:84514981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651882/; classtype:trojan-activity;sid:84514982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651877/; classtype:trojan-activity;sid:84514977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651878)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-02-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651878/; classtype:trojan-activity;sid:84514978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651874/; classtype:trojan-activity;sid:84514974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651876)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651876/; classtype:trojan-activity;sid:84514976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-12-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651867/; classtype:trojan-activity;sid:84514967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651868)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651868/; classtype:trojan-activity;sid:84514968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651869/; classtype:trojan-activity;sid:84514969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-04-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651870/; classtype:trojan-activity;sid:84514970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651871)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651871/; classtype:trojan-activity;sid:84514971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651872)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651872/; classtype:trojan-activity;sid:84514972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651865/; classtype:trojan-activity;sid:84514965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651861)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651861/; classtype:trojan-activity;sid:84514961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651862)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651862/; classtype:trojan-activity;sid:84514962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3651863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651863/; classtype:trojan-activity;sid:84514963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651864/; classtype:trojan-activity;sid:84514964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651859/; classtype:trojan-activity;sid:84514959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651860/; classtype:trojan-activity;sid:84514960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3651857)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651857/; classtype:trojan-activity;sid:84514957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651855/; classtype:trojan-activity;sid:84514955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651854)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651854/; classtype:trojan-activity;sid:84514954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651852/; classtype:trojan-activity;sid:84514952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651853)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651853/; classtype:trojan-activity;sid:84514953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651849/; classtype:trojan-activity;sid:84514949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651850/; classtype:trojan-activity;sid:84514950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651848)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-31/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651848/; classtype:trojan-activity;sid:84514948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651847)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651847/; classtype:trojan-activity;sid:84514947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651845/; classtype:trojan-activity;sid:84514945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651846)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651846/; classtype:trojan-activity;sid:84514946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651844)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651844/; classtype:trojan-activity;sid:84514944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651836)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651836/; classtype:trojan-activity;sid:84514936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651837)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651837/; classtype:trojan-activity;sid:84514937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651839/; classtype:trojan-activity;sid:84514939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651840)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651840/; classtype:trojan-activity;sid:84514940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651841)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651841/; classtype:trojan-activity;sid:84514941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651842)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651842/; classtype:trojan-activity;sid:84514942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651834)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651834/; classtype:trojan-activity;sid:84514934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651835)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651835/; classtype:trojan-activity;sid:84514935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651832)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651832/; classtype:trojan-activity;sid:84514932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651833)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651833/; classtype:trojan-activity;sid:84514933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651829)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-07-01/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651829/; classtype:trojan-activity;sid:84514929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651830)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651830/; classtype:trojan-activity;sid:84514930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651827)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-11-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651827/; classtype:trojan-activity;sid:84514927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651822)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651822/; classtype:trojan-activity;sid:84514922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651823/; classtype:trojan-activity;sid:84514923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651824/; classtype:trojan-activity;sid:84514924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651825)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651825/; classtype:trojan-activity;sid:84514925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651826)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651826/; classtype:trojan-activity;sid:84514926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-05-27/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651820/; classtype:trojan-activity;sid:84514920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/es/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651821/; classtype:trojan-activity;sid:84514921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651819)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/cancelamento/2021-08-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651819/; classtype:trojan-activity;sid:84514919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651813)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651813/; classtype:trojan-activity;sid:84514913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651814)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651814/; classtype:trojan-activity;sid:84514914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651815)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-01-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651815/; classtype:trojan-activity;sid:84514915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651816)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651816/; classtype:trojan-activity;sid:84514916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651817)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-02-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651817/; classtype:trojan-activity;sid:84514917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651818/; classtype:trojan-activity;sid:84514918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651810)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651810/; classtype:trojan-activity;sid:84514910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651811)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651811/; classtype:trojan-activity;sid:84514911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651812)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-10-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651812/; classtype:trojan-activity;sid:84514912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651808)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651808/; classtype:trojan-activity;sid:84514908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651806/; classtype:trojan-activity;sid:84514906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651807)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-30/info.zip"; http_uri; 
depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651807/; classtype:trojan-activity;sid:84514907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-06-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651802/; classtype:trojan-activity;sid:84514902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-06-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651803/; classtype:trojan-activity;sid:84514903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651804)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651804/; classtype:trojan-activity;sid:84514904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651805)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-03/info.zip"; http_uri; depth:87; 
isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651805/; classtype:trojan-activity;sid:84514905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651801/; classtype:trojan-activity;sid:84514901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651798)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651798/; classtype:trojan-activity;sid:84514898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651796)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651796/; classtype:trojan-activity;sid:84514896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651797)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-02-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; 
content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651797/; classtype:trojan-activity;sid:84514897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651790/; classtype:trojan-activity;sid:84514890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651792)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-08-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651792/; classtype:trojan-activity;sid:84514892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168897/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651789/; classtype:trojan-activity;sid:84514889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651787)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/sp/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651787/; classtype:trojan-activity;sid:84514887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651782/; classtype:trojan-activity;sid:84514882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651783/; classtype:trojan-activity;sid:84514883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651785/; classtype:trojan-activity;sid:84514885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651786)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2025_10_04; reference:url, urlhaus.abuse.ch/url/3651786/; classtype:trojan-activity;sid:84514886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651777/; classtype:trojan-activity;sid:84514877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651778)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651778/; classtype:trojan-activity;sid:84514878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651780/; classtype:trojan-activity;sid:84514880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; 
reference:url, urlhaus.abuse.ch/url/3651781/; classtype:trojan-activity;sid:84514881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651774)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651774/; classtype:trojan-activity;sid:84514874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-11-22/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651775/; classtype:trojan-activity;sid:84514875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651776)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651776/; classtype:trojan-activity;sid:84514876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651770/; 
classtype:trojan-activity;sid:84514870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651771/; classtype:trojan-activity;sid:84514871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651772/; classtype:trojan-activity;sid:84514872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651773)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651773/; classtype:trojan-activity;sid:84514873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-11-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651768/; 
classtype:trojan-activity;sid:84514868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651769)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651769/; classtype:trojan-activity;sid:84514869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651766/; classtype:trojan-activity;sid:84514866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651767/; classtype:trojan-activity;sid:84514867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651763)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-03-15/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651763/; classtype:trojan-activity;sid:84514863; rev:1;) 
# The rules in this part of the feed follow one generated template: an HTTP GET
# from $HOME_NET to $EXTERNAL_NET (flow:established,from_client) whose URI equals
# one listed path and whose Host equals 177.70.102.228. The match is exact because
# each content is paired with a depth of the same length and isdataat:!1,relative,
# and the URI content also carries nocase. reference: links each sid to its
# URLhaus entry.
# NOTE(review): many of these paths contain percent-escapes (for example %20 and
# %c3%a7), and depth counts the escaped form, yet the match is made on http_uri.
# Snort 2 and Suricata document http_uri as the normalized URI buffer and
# http_raw_uri as the unnormalized one, so replay a request with the encoded path
# against your engine to confirm these rules can fire. TODO confirm.
# The rules inspect the client request only: an alert shows that a host asked for
# the URL, not that the download completed. Check proxy or endpoint telemetry
# before treating the host as infected.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651765)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651765/; classtype:trojan-activity;sid:84514865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651760)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651760/; classtype:trojan-activity;sid:84514860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-01/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651761/; classtype:trojan-activity;sid:84514861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651762/; classtype:trojan-activity;sid:84514862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3651755)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651755/; classtype:trojan-activity;sid:84514855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651756)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651756/; classtype:trojan-activity;sid:84514856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651757)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651757/; classtype:trojan-activity;sid:84514857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/sp/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651758/; classtype:trojan-activity;sid:84514858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651759)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651759/; classtype:trojan-activity;sid:84514859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651753/; classtype:trojan-activity;sid:84514853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651754)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-09-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651754/; classtype:trojan-activity;sid:84514854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651751/; classtype:trojan-activity;sid:84514851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651752)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651752/; classtype:trojan-activity;sid:84514852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651750)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651750/; classtype:trojan-activity;sid:84514850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651741/; classtype:trojan-activity;sid:84514841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651744/; classtype:trojan-activity;sid:84514844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651745)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651745/; classtype:trojan-activity;sid:84514845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651746/; classtype:trojan-activity;sid:84514846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651747)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651747/; classtype:trojan-activity;sid:84514847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/conting%c3%aancia/homologa%c3%a7%c3%a3o/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651748/; classtype:trojan-activity;sid:84514848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3651740)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651740/; classtype:trojan-activity;sid:84514840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651734/; classtype:trojan-activity;sid:84514834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651735/; classtype:trojan-activity;sid:84514835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651736)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-08-28/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651736/; classtype:trojan-activity;sid:84514836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3651739)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651739/; classtype:trojan-activity;sid:84514839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651730/; classtype:trojan-activity;sid:84514830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651732)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651732/; classtype:trojan-activity;sid:84514832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651729/; classtype:trojan-activity;sid:84514829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651728)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651728/; classtype:trojan-activity;sid:84514828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-12-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651726/; classtype:trojan-activity;sid:84514826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651727)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-01-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651727/; classtype:trojan-activity;sid:84514827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-12-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651725/; classtype:trojan-activity;sid:84514825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651720)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651720/; classtype:trojan-activity;sid:84514820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651721)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651721/; classtype:trojan-activity;sid:84514821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651722/; classtype:trojan-activity;sid:84514822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651723)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-04-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651723/; classtype:trojan-activity;sid:84514823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651724)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651724/; classtype:trojan-activity;sid:84514824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651717/; classtype:trojan-activity;sid:84514817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651718/; classtype:trojan-activity;sid:84514818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651716)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651716/; classtype:trojan-activity;sid:84514816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651715)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651715/; classtype:trojan-activity;sid:84514815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651713)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651713/; classtype:trojan-activity;sid:84514813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651714/; classtype:trojan-activity;sid:84514814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651710/; classtype:trojan-activity;sid:84514810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651711)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651711/; classtype:trojan-activity;sid:84514811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651709)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651709/; classtype:trojan-activity;sid:84514809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651707/; classtype:trojan-activity;sid:84514807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651708/; classtype:trojan-activity;sid:84514808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651705)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651705/; classtype:trojan-activity;sid:84514805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651706)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651706/; classtype:trojan-activity;sid:84514806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651700)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651700/; classtype:trojan-activity;sid:84514800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651701/; classtype:trojan-activity;sid:84514801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651702)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651702/; classtype:trojan-activity;sid:84514802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651703)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651703/; classtype:trojan-activity;sid:84514803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651695/; classtype:trojan-activity;sid:84514795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651697)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651697/; classtype:trojan-activity;sid:84514797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651693)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651693/; classtype:trojan-activity;sid:84514793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651691)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651691/; classtype:trojan-activity;sid:84514791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651692/; classtype:trojan-activity;sid:84514792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651687)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651687/; classtype:trojan-activity;sid:84514787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651688)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651688/; classtype:trojan-activity;sid:84514788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651689/; classtype:trojan-activity;sid:84514789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651690/; classtype:trojan-activity;sid:84514790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651685)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651685/; classtype:trojan-activity;sid:84514785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651682)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/cancelamento/2019-07-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651682/; classtype:trojan-activity;sid:84514782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651683/; classtype:trojan-activity;sid:84514783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651681/; classtype:trojan-activity;sid:84514781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651680)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-02-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651680/; classtype:trojan-activity;sid:84514780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651679)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-22/info.zip"; http_uri; 
depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651679/; classtype:trojan-activity;sid:84514779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651675/; classtype:trojan-activity;sid:84514775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651677)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651677/; classtype:trojan-activity;sid:84514777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651668)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-03-22/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651668/; classtype:trojan-activity;sid:84514768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651669/; classtype:trojan-activity;sid:84514769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-02-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651670/; classtype:trojan-activity;sid:84514770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651671/; classtype:trojan-activity;sid:84514771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651667/; classtype:trojan-activity;sid:84514767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651663)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3651663/; classtype:trojan-activity;sid:84514763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-11-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651665/; classtype:trojan-activity;sid:84514765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651666)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651666/; classtype:trojan-activity;sid:84514766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651655/; classtype:trojan-activity;sid:84514755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-23/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651656/; classtype:trojan-activity;sid:84514756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3651657)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651657/; classtype:trojan-activity;sid:84514757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651658)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651658/; classtype:trojan-activity;sid:84514758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651659)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651659/; classtype:trojan-activity;sid:84514759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651661)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651661/; classtype:trojan-activity;sid:84514761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651650)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-05-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651650/; classtype:trojan-activity;sid:84514750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651651)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-06-24/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651651/; classtype:trojan-activity;sid:84514751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651652)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651652/; classtype:trojan-activity;sid:84514752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651653)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651653/; classtype:trojan-activity;sid:84514753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651654)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651654/; classtype:trojan-activity;sid:84514754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651645)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651645/; classtype:trojan-activity;sid:84514745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651646)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651646/; classtype:trojan-activity;sid:84514746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651647)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-09-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651647/; classtype:trojan-activity;sid:84514747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651648)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/01/cancelamento/2019-12-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651648/; classtype:trojan-activity;sid:84514748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651649/; classtype:trojan-activity;sid:84514749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651639)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651639/; classtype:trojan-activity;sid:84514739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651640/; classtype:trojan-activity;sid:84514740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651641)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651641/; classtype:trojan-activity;sid:84514741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651642)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651642/; classtype:trojan-activity;sid:84514742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651643)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651643/; classtype:trojan-activity;sid:84514743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651644)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-05-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651644/; classtype:trojan-activity;sid:84514744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651633)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-16/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651633/; classtype:trojan-activity;sid:84514733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651634)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651634/; classtype:trojan-activity;sid:84514734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651635)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651635/; classtype:trojan-activity;sid:84514735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-05-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651636/; classtype:trojan-activity;sid:84514736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651637)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/info.zip"; http_uri; 
depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651637/; classtype:trojan-activity;sid:84514737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651638)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651638/; classtype:trojan-activity;sid:84514738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651629)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651629/; classtype:trojan-activity;sid:84514729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651630)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-06-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651630/; classtype:trojan-activity;sid:84514730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651631)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-23/info.zip"; http_uri; 
depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651631/; classtype:trojan-activity;sid:84514731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651628)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-09-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651628/; classtype:trojan-activity;sid:84514728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651622/; classtype:trojan-activity;sid:84514722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651623)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-07-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651623/; classtype:trojan-activity;sid:84514723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651624)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; 
isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651624/; classtype:trojan-activity;sid:84514724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651625)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-04-05/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651625/; classtype:trojan-activity;sid:84514725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651627)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651627/; classtype:trojan-activity;sid:84514727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651620)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651620/; classtype:trojan-activity;sid:84514720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651621)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-21/info.zip"; http_uri; 
depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651621/; classtype:trojan-activity;sid:84514721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651619)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651619/; classtype:trojan-activity;sid:84514719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651617/; classtype:trojan-activity;sid:84514717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651616)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651616/; classtype:trojan-activity;sid:84514716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651615)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; 
content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651615/; classtype:trojan-activity;sid:84514715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651614)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651614/; classtype:trojan-activity;sid:84514714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651613)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651613/; classtype:trojan-activity;sid:84514713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651611)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651611/; classtype:trojan-activity;sid:84514711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651608)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651608/; classtype:trojan-activity;sid:84514708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651609)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651609/; classtype:trojan-activity;sid:84514709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651605)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651605/; classtype:trojan-activity;sid:84514705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651603)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651603/; classtype:trojan-activity;sid:84514703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651604)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3651604/; classtype:trojan-activity;sid:84514704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651598/; classtype:trojan-activity;sid:84514698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651600)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651600/; classtype:trojan-activity;sid:84514700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651601)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-11-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651601/; classtype:trojan-activity;sid:84514701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651602)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-14/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651602/; classtype:trojan-activity;sid:84514702; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651591/; classtype:trojan-activity;sid:84514691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651592)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651592/; classtype:trojan-activity;sid:84514692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-07-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651593/; classtype:trojan-activity;sid:84514693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651594)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-10-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651594/; classtype:trojan-activity;sid:84514694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3651595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651595/; classtype:trojan-activity;sid:84514695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651597)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-02-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651597/; classtype:trojan-activity;sid:84514697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651588)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651588/; classtype:trojan-activity;sid:84514688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651589)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651589/; classtype:trojan-activity;sid:84514689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651590)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651590/; classtype:trojan-activity;sid:84514690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651583)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651583/; classtype:trojan-activity;sid:84514683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651584)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651584/; classtype:trojan-activity;sid:84514684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651585/; classtype:trojan-activity;sid:84514685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3651586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651586/; classtype:trojan-activity;sid:84514686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651582)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651582/; classtype:trojan-activity;sid:84514682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651580)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651580/; classtype:trojan-activity;sid:84514680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651581)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651581/; classtype:trojan-activity;sid:84514681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3651579)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651579/; classtype:trojan-activity;sid:84514679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651577)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651577/; classtype:trojan-activity;sid:84514677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651578/; classtype:trojan-activity;sid:84514678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651574)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651574/; classtype:trojan-activity;sid:84514674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651575)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651575/; classtype:trojan-activity;sid:84514675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651576)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651576/; classtype:trojan-activity;sid:84514676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651570)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651570/; classtype:trojan-activity;sid:84514670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651571)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651571/; classtype:trojan-activity;sid:84514671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651567)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/01/consulta/2019-08-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651567/; classtype:trojan-activity;sid:84514667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651568/; classtype:trojan-activity;sid:84514668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651565)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-05-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651565/; classtype:trojan-activity;sid:84514665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651566)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-05-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651566/; classtype:trojan-activity;sid:84514666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651564)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-14/info.zip"; 
http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651564/; classtype:trojan-activity;sid:84514664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651562)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651562/; classtype:trojan-activity;sid:84514662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651563)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651563/; classtype:trojan-activity;sid:84514663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651560)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651560/; classtype:trojan-activity;sid:84514660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; 
nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651561/; classtype:trojan-activity;sid:84514661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651558/; classtype:trojan-activity;sid:84514658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651559)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651559/; classtype:trojan-activity;sid:84514659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651553)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651553/; classtype:trojan-activity;sid:84514653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651554)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651554/; classtype:trojan-activity;sid:84514654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651555)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651555/; classtype:trojan-activity;sid:84514655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651557)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651557/; classtype:trojan-activity;sid:84514657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651548)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651548/; classtype:trojan-activity;sid:84514648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3651549/; classtype:trojan-activity;sid:84514649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651550)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170596/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651550/; classtype:trojan-activity;sid:84514650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651551)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651551/; classtype:trojan-activity;sid:84514651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651552)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651552/; classtype:trojan-activity;sid:84514652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651545)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-07-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651545/; classtype:trojan-activity;sid:84514645; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-04-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651546/; classtype:trojan-activity;sid:84514646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651539)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651539/; classtype:trojan-activity;sid:84514639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651542)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651542/; classtype:trojan-activity;sid:84514642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651544)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651544/; classtype:trojan-activity;sid:84514644; rev:1;) 
# Reviewer notes on the rules that follow (same template as the rest of this ruleset):
# - Scope: each rule fires on an HTTP GET sent by a $HOME_NET client to $EXTERNAL_NET
#   (flow:established,from_client). These are `alert http` rules, so they only cover
#   traffic the engine parses as HTTP; the same URL fetched over TLS is not covered
#   unless the sensor sees decrypted traffic.
# - Exact match: for both http_uri and http_host, depth equals the pattern length (the
#   match must start at offset 0) and isdataat:!1,relative requires the buffer to end
#   right after the pattern. Each rule is therefore a single-URL indicator, not a
#   host-wide detection; keep host/IP-level blocking or proxy-log matching alongside it.
# - NOTE(review): several URI patterns carry percent-encoded bytes (%20, %c3%a7%c3%a3o).
#   Confirm that the http_uri buffer of the deployed engine keeps percent-encoding as
#   written here; if the buffer is decoded before matching, those rules will not fire.
# - Triage: reference:url points at the URLhaus entry whose ID is shown in msg. The four
#   complete rules on the next line all name host 177.70.102.228 with paths ending in
#   info.zip, so hits can be grouped per host during investigation.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651532)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651532/; classtype:trojan-activity;sid:84514632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651533)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651533/; classtype:trojan-activity;sid:84514633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651534)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651534/; classtype:trojan-activity;sid:84514634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651535)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-07-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651535/; classtype:trojan-activity;sid:84514635; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651536)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651536/; classtype:trojan-activity;sid:84514636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651530)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651530/; classtype:trojan-activity;sid:84514630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651529)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651529/; classtype:trojan-activity;sid:84514629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651527)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651527/; classtype:trojan-activity;sid:84514627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3651526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651526/; classtype:trojan-activity;sid:84514626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651525)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-02-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651525/; classtype:trojan-activity;sid:84514625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651524)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651524/; classtype:trojan-activity;sid:84514624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-01-26/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651521/; classtype:trojan-activity;sid:84514621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651522)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/01/consulta/2024-11-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651522/; classtype:trojan-activity;sid:84514622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651523)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651523/; classtype:trojan-activity;sid:84514623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-05-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651520/; classtype:trojan-activity;sid:84514620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651519)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-06-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651519/; classtype:trojan-activity;sid:84514619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651516)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-21/info.zip"; http_uri; 
depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651516/; classtype:trojan-activity;sid:84514616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651517)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-06-01/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651517/; classtype:trojan-activity;sid:84514617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651518/; classtype:trojan-activity;sid:84514618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651515)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-04-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651515/; classtype:trojan-activity;sid:84514615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651512)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651512/; classtype:trojan-activity;sid:84514612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651513)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-11-27/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651513/; classtype:trojan-activity;sid:84514613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651514)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-02-22/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651514/; classtype:trojan-activity;sid:84514614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651511)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-09-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651511/; classtype:trojan-activity;sid:84514611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651509)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-09-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2025_10_04; reference:url, urlhaus.abuse.ch/url/3651509/; classtype:trojan-activity;sid:84514609; rev:1;)
# NOTE(review): reading guide for the entries below (one rule per line).
# Each rule fires on an outbound HTTP GET ($HOME_NET -> $EXTERNAL_NET, from_client)
# whose URI and Host both equal the listed strings: depth is set to the pattern
# length and isdataat:!1,relative requires that nothing follows the match.
# The number in msg is the URLhaus entry id and is repeated in the reference URL.
# Several paths here contain percent-escapes (%20, %c3%a7%c3%a3) matched through
# http_uri, with depth counted over the escaped form. http_uri is the normalized
# URI buffer, so if the engine decodes escapes before matching, these patterns
# would presumably not hit; http_raw_uri is the buffer that keeps the request as
# sent. Replay a sample request on your engine version before relying on those sids.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651510)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651510/; classtype:trojan-activity;sid:84514610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651506/; classtype:trojan-activity;sid:84514606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651507)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651507/; classtype:trojan-activity;sid:84514607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651508)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-26/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651508/; classtype:trojan-activity;sid:84514608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651504)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651504/; classtype:trojan-activity;sid:84514604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651505)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651505/; classtype:trojan-activity;sid:84514605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651502)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651502/; classtype:trojan-activity;sid:84514602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-05-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651503/; classtype:trojan-activity;sid:84514603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651494)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651494/; classtype:trojan-activity;sid:84514594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651481)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651481/; classtype:trojan-activity;sid:84514581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651477)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651477/; classtype:trojan-activity;sid:84514577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651476)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651476/; classtype:trojan-activity;sid:84514576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651475)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.39.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651475/; classtype:trojan-activity;sid:84514575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651304)"; flow:established,from_client; content:"GET"; http_method; content:"/download/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"47.104.31.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651304/; classtype:trojan-activity;sid:84514404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651202)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651202/; classtype:trojan-activity;sid:84514302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651196/; classtype:trojan-activity;sid:84514296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651195)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566431/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651195/; classtype:trojan-activity;sid:84514295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651192)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651192/; classtype:trojan-activity;sid:84514292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651188)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651188/; classtype:trojan-activity;sid:84514288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000225745/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651183/; classtype:trojan-activity;sid:84514283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651171/; classtype:trojan-activity;sid:84514271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651168)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585574/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651168/; classtype:trojan-activity;sid:84514268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567168/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651169/; classtype:trojan-activity;sid:84514269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171472/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651167/; classtype:trojan-activity;sid:84514267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170010/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651165/; classtype:trojan-activity;sid:84514265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651160/; classtype:trojan-activity;sid:84514260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-01-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651159/; classtype:trojan-activity;sid:84514259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651156)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651156/; classtype:trojan-activity;sid:84514256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651155)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651155/; classtype:trojan-activity;sid:84514255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165772/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651151/; classtype:trojan-activity;sid:84514251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651149/; classtype:trojan-activity;sid:84514249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651150)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-03-17/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651150/; classtype:trojan-activity;sid:84514250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651139)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170922/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651139/; classtype:trojan-activity;sid:84514239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651142)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651142/; classtype:trojan-activity;sid:84514242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603094/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651135/; classtype:trojan-activity;sid:84514235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171064/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651136/; classtype:trojan-activity;sid:84514236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603095/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651125/; classtype:trojan-activity;sid:84514225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-03-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651106/; classtype:trojan-activity;sid:84514206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651097)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.56.227.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651097/; classtype:trojan-activity;sid:84514197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651098/; classtype:trojan-activity;sid:84514198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171016/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651095/; classtype:trojan-activity;sid:84514195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651096)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651096/; classtype:trojan-activity;sid:84514196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-07-06/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651092/; classtype:trojan-activity;sid:84514192; rev:1;)
# NOTE(review): scope and triage hints for this run of rules (one rule per line).
# "alert http" only covers requests the engine parses as cleartext HTTP; the same
# file fetched over TLS is not seen by these rules unless traffic is decrypted
# upstream of the sensor.
# Matching is exact on both buffers: depth equals the pattern length and
# isdataat:!1,relative requires that nothing follows, so a request whose URI
# carries anything extra (for example a query string) does not alert.
# Most entries in this run point at 177.70.102.228 or 177.70.102.232 and differ
# only in directory; when one of these sids fires, review all traffic from the
# client to that host, not just the single URL.
# Paths containing percent-escapes (%20, %c3%a7%c3%a3) are matched through http_uri
# with depth counted over the escaped form. http_uri is the normalized URI buffer,
# so if the engine decodes escapes before matching, those patterns would presumably
# not hit; http_raw_uri keeps the request as sent. Test on your engine version.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000253230/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651090/; classtype:trojan-activity;sid:84514190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171252/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651088/; classtype:trojan-activity;sid:84514188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651084)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651084/; classtype:trojan-activity;sid:84514184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000189793/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651078/; classtype:trojan-activity;sid:84514178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651079/; classtype:trojan-activity;sid:84514179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651076)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651076/; classtype:trojan-activity;sid:84514176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-04-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651077/; classtype:trojan-activity;sid:84514177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651075)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651075/; classtype:trojan-activity;sid:84514175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604320/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651071/; classtype:trojan-activity;sid:84514171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651067/; classtype:trojan-activity;sid:84514167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2024-05-31/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651061/; classtype:trojan-activity;sid:84514161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651056/; classtype:trojan-activity;sid:84514156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651044/; classtype:trojan-activity;sid:84514144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000232289/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651041/; classtype:trojan-activity;sid:84514141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2021-01-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651037/; classtype:trojan-activity;sid:84514137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651031)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651031/; classtype:trojan-activity;sid:84514131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651028/; classtype:trojan-activity;sid:84514128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-11-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651022/; classtype:trojan-activity;sid:84514122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651020/; classtype:trojan-activity;sid:84514120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000186186/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651016/; classtype:trojan-activity;sid:84514116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164262/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651012/; classtype:trojan-activity;sid:84514112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169167/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651015/; classtype:trojan-activity;sid:84514115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000683762/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651011/; classtype:trojan-activity;sid:84514111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651006)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168339/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651006/; classtype:trojan-activity;sid:84514106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650999/; classtype:trojan-activity;sid:84514099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168881/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650998/; classtype:trojan-activity;sid:84514098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000602407/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650995/; classtype:trojan-activity;sid:84514095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650993)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000626337/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650993/; classtype:trojan-activity;sid:84514093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650991/; classtype:trojan-activity;sid:84514091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000565438/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650986/; classtype:trojan-activity;sid:84514086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-06-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650978/; classtype:trojan-activity;sid:84514078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000619269/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650968/; classtype:trojan-activity;sid:84514068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169465/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650963/; classtype:trojan-activity;sid:84514063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-01-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650961/; classtype:trojan-activity;sid:84514061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160983/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650959/; classtype:trojan-activity;sid:84514059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000179610/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650958/; classtype:trojan-activity;sid:84514058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165004/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650955/; classtype:trojan-activity;sid:84514055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-04-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650949/; classtype:trojan-activity;sid:84514049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650945)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-12-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650945/; classtype:trojan-activity;sid:84514045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600294/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650943/; classtype:trojan-activity;sid:84514043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000589083/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650940/; classtype:trojan-activity;sid:84514040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650939)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169469/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650939/; classtype:trojan-activity;sid:84514039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650938)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"172.251.160.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650938/; classtype:trojan-activity;sid:84514038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650934)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167445/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650934/; classtype:trojan-activity;sid:84514034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000608221/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650928/; classtype:trojan-activity;sid:84514028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650924)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168559/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650924/; classtype:trojan-activity;sid:84514024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650915)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000767154/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650915/; classtype:trojan-activity;sid:84514015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3650912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169966/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650912/; classtype:trojan-activity;sid:84514012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650913)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650913/; classtype:trojan-activity;sid:84514013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-03-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650909/; classtype:trojan-activity;sid:84514009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625892/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650902/; classtype:trojan-activity;sid:84514002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650903)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-08-11/info.zip"; 
http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650903/; classtype:trojan-activity;sid:84514003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-05-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650904/; classtype:trojan-activity;sid:84514004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/app_error/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650900/; classtype:trojan-activity;sid:84514000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-11-14/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650897/; classtype:trojan-activity;sid:84513997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160599/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2025_10_03; reference:url, urlhaus.abuse.ch/url/3650887/; classtype:trojan-activity;sid:84513987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166747/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650884/; classtype:trojan-activity;sid:84513984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171986/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650886/; classtype:trojan-activity;sid:84513986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000555504/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650880/; classtype:trojan-activity;sid:84513980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000765366/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650881/; classtype:trojan-activity;sid:84513981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3650870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604319/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650870/; classtype:trojan-activity;sid:84513970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650869/; classtype:trojan-activity;sid:84513969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171330/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650868/; classtype:trojan-activity;sid:84513968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650863/; classtype:trojan-activity;sid:84513963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650862)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/cancelamento/2021-12-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650862/; classtype:trojan-activity;sid:84513962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650861)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650861/; classtype:trojan-activity;sid:84513961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650859/; classtype:trojan-activity;sid:84513959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650857)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1.64.40.207"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650857/; classtype:trojan-activity;sid:84513957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000621738/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; 
reference:url, urlhaus.abuse.ch/url/3650856/; classtype:trojan-activity;sid:84513956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165010/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650855/; classtype:trojan-activity;sid:84513955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650851)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650851/; classtype:trojan-activity;sid:84513951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168303/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650850/; classtype:trojan-activity;sid:84513950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650846)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"68.148.10.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650846/; classtype:trojan-activity;sid:84513946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650841)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650841/; classtype:trojan-activity;sid:84513941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650837)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650837/; classtype:trojan-activity;sid:84513937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650831)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650831/; classtype:trojan-activity;sid:84513931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650828)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-04-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650828/; classtype:trojan-activity;sid:84513928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-05/info.zip"; http_uri; depth:62; 
isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650824/; classtype:trojan-activity;sid:84513924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650823/; classtype:trojan-activity;sid:84513923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-04-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650821/; classtype:trojan-activity;sid:84513921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000391039/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650820/; classtype:trojan-activity;sid:84513920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650817)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"82.67.39.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, 
urlhaus.abuse.ch/url/3650817/; classtype:trojan-activity;sid:84513917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000574637/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650818/; classtype:trojan-activity;sid:84513918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650810)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650810/; classtype:trojan-activity;sid:84513910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650808)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650808/; classtype:trojan-activity;sid:84513908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650806/; classtype:trojan-activity;sid:84513906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3650801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-05-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650801/; classtype:trojan-activity;sid:84513901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000601712/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650791/; classtype:trojan-activity;sid:84513891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-04-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650783/; classtype:trojan-activity;sid:84513883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650782/; classtype:trojan-activity;sid:84513882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650781)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650781/; classtype:trojan-activity;sid:84513881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650779)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164804/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650779/; classtype:trojan-activity;sid:84513879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000591478/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650770/; classtype:trojan-activity;sid:84513870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165246/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650768/; classtype:trojan-activity;sid:84513868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; 
content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650758/; classtype:trojan-activity;sid:84513858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650751/; classtype:trojan-activity;sid:84513851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000631756/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650748/; classtype:trojan-activity;sid:84513848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650745)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.146.57.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650745/; classtype:trojan-activity;sid:84513845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-04-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650746/; 
classtype:trojan-activity;sid:84513846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167557/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650744/; classtype:trojan-activity;sid:84513844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-12-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650741/; classtype:trojan-activity;sid:84513841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650739)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-07-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650739/; classtype:trojan-activity;sid:84513839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000232287/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650735/; classtype:trojan-activity;sid:84513835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3650731)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650731/; classtype:trojan-activity;sid:84513831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-05-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650730/; classtype:trojan-activity;sid:84513830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000607873/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650729/; classtype:trojan-activity;sid:84513829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166887/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650726/; classtype:trojan-activity;sid:84513826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162883/info.zip"; 
http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650720/; classtype:trojan-activity;sid:84513820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000680913/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650719/; classtype:trojan-activity;sid:84513819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625326/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650718/; classtype:trojan-activity;sid:84513818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-05-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650714/; classtype:trojan-activity;sid:84513814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650712)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167443/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650712/; classtype:trojan-activity;sid:84513812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650711)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650711/; classtype:trojan-activity;sid:84513811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650703)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566429/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650703/; classtype:trojan-activity;sid:84513803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-01-14/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650701/; classtype:trojan-activity;sid:84513801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650698)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.211.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650698/; classtype:trojan-activity;sid:84513798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3650693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166105/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650693/; classtype:trojan-activity;sid:84513793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171466/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650690/; classtype:trojan-activity;sid:84513790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164836/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650689/; classtype:trojan-activity;sid:84513789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2021-10-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650686/; classtype:trojan-activity;sid:84513786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650687)"; flow:established,from_client; content:"GET"; http_method; 
content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650687/; classtype:trojan-activity;sid:84513787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165072/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650683/; classtype:trojan-activity;sid:84513783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650682)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650682/; classtype:trojan-activity;sid:84513782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000457040/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650678/; classtype:trojan-activity;sid:84513778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650679)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650679/; 
classtype:trojan-activity;sid:84513779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650676)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000218874/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650676/; classtype:trojan-activity;sid:84513776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171556/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650667/; classtype:trojan-activity;sid:84513767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000224647/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650664/; classtype:trojan-activity;sid:84513764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165656/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650665/; classtype:trojan-activity;sid:84513765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3650659)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650659/; classtype:trojan-activity;sid:84513759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603149/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650655/; classtype:trojan-activity;sid:84513755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650653)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-10-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650653/; classtype:trojan-activity;sid:84513753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650652)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650652/; classtype:trojan-activity;sid:84513752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171224/info.zip"; http_uri; depth:39; 
isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650649/; classtype:trojan-activity;sid:84513749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000187451/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650640/; classtype:trojan-activity;sid:84513740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650638)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170836/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650638/; classtype:trojan-activity;sid:84513738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650633/; classtype:trojan-activity;sid:84513733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650631)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-05-04/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650631/; classtype:trojan-activity;sid:84513731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650624)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"98.213.164.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650624/; classtype:trojan-activity;sid:84513724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171296/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650622/; classtype:trojan-activity;sid:84513722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-10-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650617/; classtype:trojan-activity;sid:84513717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650616)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"88.28.218.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650616/; classtype:trojan-activity;sid:84513716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3650614)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cpe90-146-57-238.liwest.at"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650614/; classtype:trojan-activity;sid:84513714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650611)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650611/; classtype:trojan-activity;sid:84513711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650612)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650612/; classtype:trojan-activity;sid:84513712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650609)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604318/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650609/; classtype:trojan-activity;sid:84513709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650600)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000677/2024-06-19/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650600/; classtype:trojan-activity;sid:84513700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650598/; classtype:trojan-activity;sid:84513698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650596)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650596/; classtype:trojan-activity;sid:84513696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650597)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650597/; classtype:trojan-activity;sid:84513697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000426238/info.zip"; http_uri; 
depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650595/; classtype:trojan-activity;sid:84513695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650593/; classtype:trojan-activity;sid:84513693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650594)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650594/; classtype:trojan-activity;sid:84513694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650591/; classtype:trojan-activity;sid:84513691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650588)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650588/; classtype:trojan-activity;sid:84513688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650590/; classtype:trojan-activity;sid:84513690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172470/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650585/; classtype:trojan-activity;sid:84513685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168287/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650586/; classtype:trojan-activity;sid:84513686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585436/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650575/; classtype:trojan-activity;sid:84513675; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171288/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650573/; classtype:trojan-activity;sid:84513673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650570)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.224.205.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650570/; classtype:trojan-activity;sid:84513670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000176793/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650568/; classtype:trojan-activity;sid:84513668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650569)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000213545/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650569/; classtype:trojan-activity;sid:84513669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650565)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/td00000000000000167279/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650565/; classtype:trojan-activity;sid:84513665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650563)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650563/; classtype:trojan-activity;sid:84513663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167437/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650561/; classtype:trojan-activity;sid:84513661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650558/; classtype:trojan-activity;sid:84513658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650559)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650559/; classtype:trojan-activity;sid:84513659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650554)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606633/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650554/; classtype:trojan-activity;sid:84513654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650551)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167071/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650551/; classtype:trojan-activity;sid:84513651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650550)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-06-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650550/; classtype:trojan-activity;sid:84513650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172576/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650549/; classtype:trojan-activity;sid:84513649; rev:1;) 
# Each rule here alerts on an established, client-to-server HTTP GET from
# $HOME_NET to $EXTERNAL_NET whose URI and Host both equal a URLhaus-listed
# value. The match is exact, not a substring: depth equals the pattern length
# (so the pattern must start at offset 0 of the buffer) and
# isdataat:!1,relative requires that no byte follows the match.
# nocase follows the http_uri content only; the http_host content has none.
# The rules are "alert http", so they only fire on traffic the engine parses
# as HTTP.
# NOTE(review): the rule for URLhaus id 3650535 matches a percent-encoded path
# ("%c3%a7%c3%a3") and its depth:74 counts the encoded form. http_uri is the
# normalized URI buffer; if the sensor percent-decodes the path before
# matching, this literal would presumably never match. Confirm against a
# replayed request, or match the raw buffer (http_raw_uri) - TODO verify.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650546/; classtype:trojan-activity;sid:84513646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650541)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650541/; classtype:trojan-activity;sid:84513641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650535)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2024-10-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650535/; classtype:trojan-activity;sid:84513635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650529)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171304/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650529/; classtype:trojan-activity;sid:84513629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650528)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650528/; classtype:trojan-activity;sid:84513628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650526/; classtype:trojan-activity;sid:84513626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-11-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650520/; classtype:trojan-activity;sid:84513620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650521/; classtype:trojan-activity;sid:84513621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-17/info.zip"; 
http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650518/; classtype:trojan-activity;sid:84513618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650519)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650519/; classtype:trojan-activity;sid:84513619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650516)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-02-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650516/; classtype:trojan-activity;sid:84513616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650515)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650515/; classtype:trojan-activity;sid:84513615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650513)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2020-11-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650513/; classtype:trojan-activity;sid:84513613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650512)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166971/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650512/; classtype:trojan-activity;sid:84513612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650508)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164808/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650508/; classtype:trojan-activity;sid:84513608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650507)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-14/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650507/; classtype:trojan-activity;sid:84513607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650503/; 
classtype:trojan-activity;sid:84513603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650504)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170482/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650504/; classtype:trojan-activity;sid:84513604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165644/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650506/; classtype:trojan-activity;sid:84513606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650493)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000264706/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650493/; classtype:trojan-activity;sid:84513593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650494)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000562134/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650494/; classtype:trojan-activity;sid:84513594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3650498)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000680914/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650498/; classtype:trojan-activity;sid:84513598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650499)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169171/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650499/; classtype:trojan-activity;sid:84513599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650500)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-07-06/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650500/; classtype:trojan-activity;sid:84513600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650502)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-11-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650502/; classtype:trojan-activity;sid:84513602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650492)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; 
nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650492/; classtype:trojan-activity;sid:84513592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-11-28/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650491/; classtype:trojan-activity;sid:84513591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650487)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650487/; classtype:trojan-activity;sid:84513587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165020/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650482/; classtype:trojan-activity;sid:84513582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650483)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650483/; classtype:trojan-activity;sid:84513583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650480)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171284/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650480/; classtype:trojan-activity;sid:84513580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650477)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650477/; classtype:trojan-activity;sid:84513577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650476)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650476/; classtype:trojan-activity;sid:84513576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650473)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.179.225.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650473/; classtype:trojan-activity;sid:84513573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3650472)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604651/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650472/; classtype:trojan-activity;sid:84513572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650468)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-11-12/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650468/; classtype:trojan-activity;sid:84513568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650467)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650467/; classtype:trojan-activity;sid:84513567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650465)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166079/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650465/; classtype:trojan-activity;sid:84513565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650461)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/cancelamento/2020-06-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650461/; classtype:trojan-activity;sid:84513561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650457)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000601171/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650457/; classtype:trojan-activity;sid:84513557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650454)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000677/2024-01-02/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650454/; classtype:trojan-activity;sid:84513554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650450)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000159804/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650450/; classtype:trojan-activity;sid:84513550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650447)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-08-04/info.zip"; http_uri; depth:49; 
isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650447/; classtype:trojan-activity;sid:84513547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650443)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566428/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650443/; classtype:trojan-activity;sid:84513543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650444)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-02-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650444/; classtype:trojan-activity;sid:84513544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650441)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168305/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650441/; classtype:trojan-activity;sid:84513541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650439)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170516/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2025_10_03; reference:url, urlhaus.abuse.ch/url/3650439/; classtype:trojan-activity;sid:84513539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650431)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000163666/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650431/; classtype:trojan-activity;sid:84513531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650429)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650429/; classtype:trojan-activity;sid:84513529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650430)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000601753/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650430/; classtype:trojan-activity;sid:84513530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650423)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000629919/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650423/; classtype:trojan-activity;sid:84513523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3650422)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000263120/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650422/; classtype:trojan-activity;sid:84513522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650415)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650415/; classtype:trojan-activity;sid:84513515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650412)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000237372/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650412/; classtype:trojan-activity;sid:84513512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650413)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650413/; classtype:trojan-activity;sid:84513513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650400)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650400/; classtype:trojan-activity;sid:84513500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650397)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650397/; classtype:trojan-activity;sid:84513497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650396)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650396/; classtype:trojan-activity;sid:84513496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650390)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000555505/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650390/; classtype:trojan-activity;sid:84513490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650389)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; 
content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650389/; classtype:trojan-activity;sid:84513489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650388)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-05-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650388/; classtype:trojan-activity;sid:84513488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650386)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169865/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650386/; classtype:trojan-activity;sid:84513486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-11-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650387/; classtype:trojan-activity;sid:84513487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172466/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, 
urlhaus.abuse.ch/url/3650383/; classtype:trojan-activity;sid:84513483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650384)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-07-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650384/; classtype:trojan-activity;sid:84513484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650381)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171312/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650381/; classtype:trojan-activity;sid:84513481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650379)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650379/; classtype:trojan-activity;sid:84513479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169769/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650374/; classtype:trojan-activity;sid:84513474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3650364)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000573133/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650364/; classtype:trojan-activity;sid:84513464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606636/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650366/; classtype:trojan-activity;sid:84513466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650368/; classtype:trojan-activity;sid:84513468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000546234/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650371/; classtype:trojan-activity;sid:84513471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650373)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; 
http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650373/; classtype:trojan-activity;sid:84513473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650362)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000586306/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650362/; classtype:trojan-activity;sid:84513462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650358)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170378/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650358/; classtype:trojan-activity;sid:84513458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650351)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650351/; classtype:trojan-activity;sid:84513451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, 
urlhaus.abuse.ch/url/3650352/; classtype:trojan-activity;sid:84513452; rev:1;)
# --- Reading these entries (reviewer notes) ---
# Each rule alerts on one exact URL: an HTTP GET from $HOME_NET to $EXTERNAL_NET
# (flow:established,from_client) whose URI buffer and Host buffer both equal the
# listed strings. depth:N is the length of the content string and
# isdataat:!1,relative requires that no byte follows the match, so the buffer
# must match from start to end. A hit is an IoC match for that one URL, not
# coverage of the malware family behind it.
# nocase follows the http_uri content, so only the URI comparison is
# case-insensitive; the http_host content carries no nocase.
# The rules inspect the http protocol only; the same download over TLS is not
# seen by them unless the sensor receives decrypted traffic.
# In every rule shown here sid = URLhaus id + 80863100, so an alert's sid maps
# back to its urlhaus.abuse.ch/url/<id>/ reference without a lookup table.
# Most entries below point at 177.70.102.228 / 177.70.102.232 under /tmpftp/
# and end in info.zip; alerts from these sids can be triaged together by host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650348)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160995/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650348/; classtype:trojan-activity;sid:84513448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650347/; classtype:trojan-activity;sid:84513447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650343)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650343/; classtype:trojan-activity;sid:84513443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650337)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168278/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650337/; classtype:trojan-activity;sid:84513437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650338)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170774/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650338/; classtype:trojan-activity;sid:84513438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650340)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000633210/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650340/; classtype:trojan-activity;sid:84513440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000224648/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650331/; classtype:trojan-activity;sid:84513431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650332)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165504/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650332/; classtype:trojan-activity;sid:84513432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650325)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604442/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650325/; classtype:trojan-activity;sid:84513425; rev:1;)
# NOTE(review): the next content holds percent-encoded bytes (%20, %c3%a7, %c3%a3)
# and its depth counts the encoded form, while http_uri is the normalised URI
# buffer. Whether the sensor keeps or decodes these escapes depends on its HTTP
# normalisation settings -- confirm on the sensor (for example with a replayed
# capture) that such rules still fire. The same applies to every
# percent-encoded path further down.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650327)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650327/; classtype:trojan-activity;sid:84513427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650318)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.50.167.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650318/; classtype:trojan-activity;sid:84513418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650319)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650319/; classtype:trojan-activity;sid:84513419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650320)"; flow:established,from_client; content:"GET"; http_method; content:"/github-file-info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"20.243.236.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650320/; classtype:trojan-activity;sid:84513420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650307)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650307/; classtype:trojan-activity;sid:84513407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650299)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650299/; classtype:trojan-activity;sid:84513399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166309/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650300/; classtype:trojan-activity;sid:84513400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650276)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553612/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650276/; classtype:trojan-activity;sid:84513376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169947/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650270/; classtype:trojan-activity;sid:84513370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650271)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165200/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650271/; classtype:trojan-activity;sid:84513371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650269)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/01/consulta%20n%c3%a3o%20encerrado/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650269/; classtype:trojan-activity;sid:84513369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650263)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650263/; classtype:trojan-activity;sid:84513363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650261)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650261/; classtype:trojan-activity;sid:84513361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650262)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650262/; classtype:trojan-activity;sid:84513362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-02-16/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650259/; classtype:trojan-activity;sid:84513359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650258)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168295/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650258/; classtype:trojan-activity;sid:84513358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650253)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585560/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650253/; classtype:trojan-activity;sid:84513353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650251)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-11-29/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650251/; classtype:trojan-activity;sid:84513351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650244)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604650/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650244/; classtype:trojan-activity;sid:84513344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604662/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650243/; classtype:trojan-activity;sid:84513343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-07-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650242/; classtype:trojan-activity;sid:84513342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650236)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650236/; classtype:trojan-activity;sid:84513336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650222)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168293/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650222/; classtype:trojan-activity;sid:84513322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650219)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-06-25/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650219/; classtype:trojan-activity;sid:84513319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650215)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162637/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650215/; classtype:trojan-activity;sid:84513315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650214)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600441/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650214/; classtype:trojan-activity;sid:84513314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000584368/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650213/; classtype:trojan-activity;sid:84513313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650200)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650200/; classtype:trojan-activity;sid:84513300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650201)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165935/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650201/; classtype:trojan-activity;sid:84513301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650195)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-10-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650195/; classtype:trojan-activity;sid:84513295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650196/; classtype:trojan-activity;sid:84513296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650193)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650193/; classtype:trojan-activity;sid:84513293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650191)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000179593/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650191/; classtype:trojan-activity;sid:84513291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650190)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650190/; classtype:trojan-activity;sid:84513290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650187/; classtype:trojan-activity;sid:84513287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650181)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-27/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650181/; classtype:trojan-activity;sid:84513281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2024-06-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650178/; classtype:trojan-activity;sid:84513278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000222522/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650170/; classtype:trojan-activity;sid:84513270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650162)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166869/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650162/; classtype:trojan-activity;sid:84513262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566150/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650160/; classtype:trojan-activity;sid:84513260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000546495/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650161/; classtype:trojan-activity;sid:84513261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-03-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650159/; classtype:trojan-activity;sid:84513259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650146)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164138/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650146/; classtype:trojan-activity;sid:84513246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650138)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-12-22/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650138/; classtype:trojan-activity;sid:84513238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170520/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650130/; classtype:trojan-activity;sid:84513230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650129/; classtype:trojan-activity;sid:84513229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650127)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171256/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650127/; classtype:trojan-activity;sid:84513227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172428/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650123/; classtype:trojan-activity;sid:84513223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650122)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553463/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650122/; classtype:trojan-activity;sid:84513222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000677/2023-11-14/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650117/; classtype:trojan-activity;sid:84513217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165900/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650118/; classtype:trojan-activity;sid:84513218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-04-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650114/; classtype:trojan-activity;sid:84513214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650115)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650115/; classtype:trojan-activity;sid:84513215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566395/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650112/; classtype:trojan-activity;sid:84513212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-08-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650111/; classtype:trojan-activity;sid:84513211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171314/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650107/; classtype:trojan-activity;sid:84513207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650105/; classtype:trojan-activity;sid:84513205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567163/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650104/; classtype:trojan-activity;sid:84513204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171298/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650093/; classtype:trojan-activity;sid:84513193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168275/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650092/; classtype:trojan-activity;sid:84513192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650086/; classtype:trojan-activity;sid:84513186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-03-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650087/; classtype:trojan-activity;sid:84513187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650085/; classtype:trojan-activity;sid:84513185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-03-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650083/; classtype:trojan-activity;sid:84513183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-11-24/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650082/; classtype:trojan-activity;sid:84513182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166259/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650079/; classtype:trojan-activity;sid:84513179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-02-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650080/; classtype:trojan-activity;sid:84513180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165824/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650078/; classtype:trojan-activity;sid:84513178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650071/; classtype:trojan-activity;sid:84513171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600293/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650067/; classtype:trojan-activity;sid:84513167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567166/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650058/; classtype:trojan-activity;sid:84513158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650061)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650061/; classtype:trojan-activity;sid:84513161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-10-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650055/; classtype:trojan-activity;sid:84513155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-08-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650056/; classtype:trojan-activity;sid:84513156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650054/; classtype:trojan-activity;sid:84513154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567145/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650051/; classtype:trojan-activity;sid:84513151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-05-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650047/; classtype:trojan-activity;sid:84513147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650048/; classtype:trojan-activity;sid:84513148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650044)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650044/; classtype:trojan-activity;sid:84513144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2021-08-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650038/; classtype:trojan-activity;sid:84513138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650035)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2025_10_03; reference:url, urlhaus.abuse.ch/url/3650035/; classtype:trojan-activity;sid:84513135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167243/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650036/; classtype:trojan-activity;sid:84513136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169473/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650028/; classtype:trojan-activity;sid:84513128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171454/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650026/; classtype:trojan-activity;sid:84513126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170532/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650023/; classtype:trojan-activity;sid:84513123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3650020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650020/; classtype:trojan-activity;sid:84513120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-09-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650007/; classtype:trojan-activity;sid:84513107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650004)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000543689/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650004/; classtype:trojan-activity;sid:84513104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650001)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000633209/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650001/; classtype:trojan-activity;sid:84513101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649996)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/td00000000000000546233/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649996/; classtype:trojan-activity;sid:84513096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000173466/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649995/; classtype:trojan-activity;sid:84513095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585575/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649992/; classtype:trojan-activity;sid:84513092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-10-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649985/; classtype:trojan-activity;sid:84513085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171194/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649986/; classtype:trojan-activity;sid:84513086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172163/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649987/; classtype:trojan-activity;sid:84513087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649984)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649984/; classtype:trojan-activity;sid:84513084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000586961/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649980/; classtype:trojan-activity;sid:84513080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000609592/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649981/; classtype:trojan-activity;sid:84513081; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649968)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649968/; classtype:trojan-activity;sid:84513068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649964/; classtype:trojan-activity;sid:84513064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-02-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649961/; classtype:trojan-activity;sid:84513061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172788/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649959/; classtype:trojan-activity;sid:84513059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649956)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/td00000000000000237371/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649956/; classtype:trojan-activity;sid:84513056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000552709/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649952/; classtype:trojan-activity;sid:84513052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649944)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168509/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649944/; classtype:trojan-activity;sid:84513044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000683761/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649943/; classtype:trojan-activity;sid:84513043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649937)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649937/; classtype:trojan-activity;sid:84513037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649935/; classtype:trojan-activity;sid:84513035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567164/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649932/; classtype:trojan-activity;sid:84513032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171888/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649930/; classtype:trojan-activity;sid:84513030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165116/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649931/; classtype:trojan-activity;sid:84513031; rev:1;) 
# URLhaus download-URL rules, one per listed URL (entries created 2025_10_03).
#
# Shared rule shape, as written in each rule below:
#   - alert on HTTP from $HOME_NET to $EXTERNAL_NET, established flow, client side,
#     request method GET;
#   - the URI content carries a depth equal to its own length plus
#     isdataat:!1,relative (no byte may follow the match), so the whole http_uri
#     buffer has to equal the listed path; nocase follows that content and so
#     applies to the URI match only;
#   - the host content is anchored the same way against http_host.
#   - in the rules below, sid = URLhaus entry id + 80863100; the reference: URL
#     points at the entry that should be consulted when triaging an alert.
#
# NOTE(review): these rules use the http protocol keyword, so they only see
# requests the engine parses as cleartext HTTP; the same URL fetched over TLS is
# not covered unless traffic is decrypted upstream of the sensor.
#
# NOTE(review): the rules marked "percent-encoded path" keep literal %20 /
# %c3%a7%c3%a3 sequences in a content matched against http_uri. http_uri is the
# normalized URI buffer; if the engine decodes %XX there, the buffer holds the
# decoded bytes and these contents (and their depth values) would not match.
# Presumably the raw-URI buffer (http_raw_uri) is what preserves the encoding;
# confirm against a test capture on the deployed engine before relying on
# these six rules (URLhaus ids 3649914, 3649901, 3649850, 3649848, 3649840,
# 3649788).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649928/; classtype:trojan-activity;sid:84513028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649922)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649922/; classtype:trojan-activity;sid:84513022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000208170/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649923/; classtype:trojan-activity;sid:84513023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649919)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000264645/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649919/; classtype:trojan-activity;sid:84513019; rev:1;)
# NOTE(review): percent-encoded path in http_uri (see header note).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-08-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649914/; classtype:trojan-activity;sid:84513014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649910)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171458/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649910/; classtype:trojan-activity;sid:84513010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000617432/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649900/; classtype:trojan-activity;sid:84513000; rev:1;)
# NOTE(review): percent-encoded path in http_uri (see header note).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649901)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-11-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649901/; classtype:trojan-activity;sid:84513001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649897/; classtype:trojan-activity;sid:84512997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-04-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649899/; classtype:trojan-activity;sid:84512999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649896)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624762/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649896/; classtype:trojan-activity;sid:84512996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000265247/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649895/; classtype:trojan-activity;sid:84512995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649890)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"24.251.252.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649890/; classtype:trojan-activity;sid:84512990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649888)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165014/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649888/; classtype:trojan-activity;sid:84512988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165090/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649885/; classtype:trojan-activity;sid:84512985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168749/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649886/; classtype:trojan-activity;sid:84512986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172574/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649884/; classtype:trojan-activity;sid:84512984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167339/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649881/; classtype:trojan-activity;sid:84512981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649878)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000212326/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649878/; classtype:trojan-activity;sid:84512978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603747/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649874/; classtype:trojan-activity;sid:84512974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000746890/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649870/; classtype:trojan-activity;sid:84512970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160628/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649867/; classtype:trojan-activity;sid:84512967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171452/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649868/; classtype:trojan-activity;sid:84512968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649869/; classtype:trojan-activity;sid:84512969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649865)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"75.42.36.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649865/; classtype:trojan-activity;sid:84512965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164253/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649864/; classtype:trojan-activity;sid:84512964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000426237/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649863/; classtype:trojan-activity;sid:84512963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649861)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649861/; classtype:trojan-activity;sid:84512961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649856/; classtype:trojan-activity;sid:84512956; rev:1;)
# NOTE(review): percent-encoded path in http_uri (see header note).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-04-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649850/; classtype:trojan-activity;sid:84512950; rev:1;)
# NOTE(review): percent-encoded path in http_uri (see header note).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649848)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-04-02/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649848/; classtype:trojan-activity;sid:84512948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649844)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649844/; classtype:trojan-activity;sid:84512944; rev:1;)
# NOTE(review): percent-encoded path in http_uri (see header note).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649840)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649840/; classtype:trojan-activity;sid:84512940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170894/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649839/; classtype:trojan-activity;sid:84512939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649837)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649837/; classtype:trojan-activity;sid:84512937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649833)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171742/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649833/; classtype:trojan-activity;sid:84512933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171248/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649821/; classtype:trojan-activity;sid:84512921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649815)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649815/; classtype:trojan-activity;sid:84512915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649802/; classtype:trojan-activity;sid:84512902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000465109/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649801/; classtype:trojan-activity;sid:84512901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172568/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649790/; classtype:trojan-activity;sid:84512890; rev:1;)
# NOTE(review): percent-encoded path in http_uri (see header note).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649788/; classtype:trojan-activity;sid:84512888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000226537/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649783/; classtype:trojan-activity;sid:84512883; rev:1;)
# URLhaus download-URL rules (metadata: created_at 2025_10_03).
# Each rule alerts on an established, client-to-server HTTP GET from $HOME_NET to
# $EXTERNAL_NET when the request URI and the Host value both equal one listed URL.
# The match is exact: depth equals the content length, which pins the match to the
# start of the buffer, and isdataat:!1,relative requires that no byte follows it,
# so a longer URI or Host value does not match.
# The rules inspect the request only (flow:...,from_client): an alert shows the URL
# was requested, not that the file was delivered. The reference: URL and the sid
# identify the URLhaus entry for triage.
# NOTE(review): three of the four complete rules below carry percent-escapes
# (%c3%a7%c3%a3) in the URI pattern, and their depth (74, 49) counts the escaped
# form. http_uri is the normalized URI buffer, where Suricata documents such
# escapes as decoded (the raw form is matched with http_raw_uri), so these
# patterns may not match as written -- confirm by replaying a sample request
# against the sensor before relying on them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2022-02-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649780/; classtype:trojan-activity;sid:84512880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-07-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649777/; classtype:trojan-activity;sid:84512877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-08-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649775/; classtype:trojan-activity;sid:84512875; rev:1;)
# This rule's URI pattern has no percent-escapes, so the note above does not apply to it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166135/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649771/; classtype:trojan-activity;sid:84512871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3649768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-06-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649768/; classtype:trojan-activity;sid:84512868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000583935/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649762/; classtype:trojan-activity;sid:84512862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649760)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-06-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649760/; classtype:trojan-activity;sid:84512860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171246/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649761/; classtype:trojan-activity;sid:84512861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649751)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/td00000000000000165999/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649751/; classtype:trojan-activity;sid:84512851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649744/; classtype:trojan-activity;sid:84512844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649738)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2024-07-06/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649738/; classtype:trojan-activity;sid:84512838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000557542/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649730/; classtype:trojan-activity;sid:84512830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649731)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167115/info.zip"; http_uri; depth:39; 
isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649731/; classtype:trojan-activity;sid:84512831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649707)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649707/; classtype:trojan-activity;sid:84512807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649699)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168301/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649699/; classtype:trojan-activity;sid:84512799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171474/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649701/; classtype:trojan-activity;sid:84512801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-09-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, 
urlhaus.abuse.ch/url/3649702/; classtype:trojan-activity;sid:84512802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167423/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649692/; classtype:trojan-activity;sid:84512792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649689/; classtype:trojan-activity;sid:84512789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649682)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649682/; classtype:trojan-activity;sid:84512782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171702/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649681/; classtype:trojan-activity;sid:84512781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3649677)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171468/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649677/; classtype:trojan-activity;sid:84512777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649673)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000230418/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649673/; classtype:trojan-activity;sid:84512773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166739/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649674/; classtype:trojan-activity;sid:84512774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649672/; classtype:trojan-activity;sid:84512772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000552326/info.zip"; 
http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649669/; classtype:trojan-activity;sid:84512769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649663)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649663/; classtype:trojan-activity;sid:84512763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649662)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649662/; classtype:trojan-activity;sid:84512762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-04-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649656/; classtype:trojan-activity;sid:84512756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169927/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649655/; classtype:trojan-activity;sid:84512755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649651)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-08-05/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649651/; classtype:trojan-activity;sid:84512751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649653)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-12-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649653/; classtype:trojan-activity;sid:84512753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649650/; classtype:trojan-activity;sid:84512750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649647)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000543908/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649647/; classtype:trojan-activity;sid:84512747; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649643)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172094/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649643/; classtype:trojan-activity;sid:84512743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649644)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000542543/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649644/; classtype:trojan-activity;sid:84512744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649635)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162506/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649635/; classtype:trojan-activity;sid:84512735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-04-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649636/; classtype:trojan-activity;sid:84512736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649622)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tmpftp/td00000000000000171302/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649622/; classtype:trojan-activity;sid:84512722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649626)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166801/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649626/; classtype:trojan-activity;sid:84512726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649618)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649618/; classtype:trojan-activity;sid:84512718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649613)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160981/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649613/; classtype:trojan-activity;sid:84512713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649607)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000551812/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; 
content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649607/; classtype:trojan-activity;sid:84512707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649605)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649605/; classtype:trojan-activity;sid:84512705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-10-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649599/; classtype:trojan-activity;sid:84512699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649594)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-07-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649594/; classtype:trojan-activity;sid:84512694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649588)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, 
urlhaus.abuse.ch/url/3649588/; classtype:trojan-activity;sid:84512688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-03-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649590/; classtype:trojan-activity;sid:84512690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649580)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-02-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649580/; classtype:trojan-activity;sid:84512680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-05-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649578/; classtype:trojan-activity;sid:84512678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649576)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168299/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649576/; classtype:trojan-activity;sid:84512676; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649577)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167451/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649577/; classtype:trojan-activity;sid:84512677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160619/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649573/; classtype:trojan-activity;sid:84512673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649574)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171294/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649574/; classtype:trojan-activity;sid:84512674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649572)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171316/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649572/; classtype:trojan-activity;sid:84512672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649570)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-08-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649570/; classtype:trojan-activity;sid:84512670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649567)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000223168/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649567/; classtype:trojan-activity;sid:84512667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649560)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649560/; classtype:trojan-activity;sid:84512660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649556)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168281/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649556/; classtype:trojan-activity;sid:84512656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171358/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649549/; classtype:trojan-activity;sid:84512649; rev:1;)
# Each rule below alerts on an HTTP GET from $HOME_NET to $EXTERNAL_NET whose URI and Host
# both equal one URLhaus-listed download URL. In every rule `depth:N` equals the length of
# the preceding content, which anchors the match at the start of the buffer, and
# `isdataat:!1,relative` asserts that no data follows it, so the match is exact: a request
# whose inspected URI carries anything after the listed path (for example a query string)
# does not fire. `nocase` applies to the URI content only.
# The rules use the `http` protocol, so they only see requests the engine can parse as HTTP;
# the same download fetched over TLS is not inspected unless it is decrypted upstream.
# All rules in this group point at 177.70.102.228 or 177.70.102.232 under /tmpftp/ and end in
# /info.zip. Per-URL signatures cover only the paths already listed, so when triaging a hit,
# review other requests from the same client to these two hosts as well.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649551)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167601/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649551/; classtype:trojan-activity;sid:84512651; rev:1;)
# NOTE(review): the URI content below contains percent-encoded bytes (%c3%a7%c3%a3) but is
# matched with http_uri, which inspects the normalized URI. If the engine decodes
# percent-escapes during normalization, the literal "%c3" never appears in that buffer and
# this rule cannot fire (silent false negative). Confirm against a capture of the listed URL;
# the usual alternatives are matching the raw URI (http_raw_uri) or the decoded bytes with
# `depth` adjusted to the decoded length. TODO confirm per engine and HTTP normalization config.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649552)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2024-06-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649552/; classtype:trojan-activity;sid:84512652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649544)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600310/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649544/; classtype:trojan-activity;sid:84512644; rev:1;)
# NOTE(review): same percent-encoding caveat as sid 84512652; this content also encodes the
# spaces as %20, which a normalized URI buffer would presumably hold as 0x20 — verify.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649535)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-10-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649535/; classtype:trojan-activity;sid:84512635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649533)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166323/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649533/; classtype:trojan-activity;sid:84512633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649532)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000732234/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649532/; classtype:trojan-activity;sid:84512632; rev:1;)
# NOTE(review): percent-encoded content (%20, %c3%a7%c3%a3) matched in http_uri; same
# normalization caveat as sid 84512652 — verify that this rule fires on the listed URL.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649529)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649529/; classtype:trojan-activity;sid:84512629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649528)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000223167/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649528/; classtype:trojan-activity;sid:84512628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3649521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000584370/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649521/; classtype:trojan-activity;sid:84512621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649517)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000583934/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649517/; classtype:trojan-activity;sid:84512617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649514)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165844/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649514/; classtype:trojan-activity;sid:84512614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649506/; classtype:trojan-activity;sid:84512606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649503)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/td00000000000000165184/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649503/; classtype:trojan-activity;sid:84512603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649498)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649498/; classtype:trojan-activity;sid:84512598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649495)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649495/; classtype:trojan-activity;sid:84512595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649494)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649494/; classtype:trojan-activity;sid:84512594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168365/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; 
content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649492/; classtype:trojan-activity;sid:84512592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649489)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-03-26/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649489/; classtype:trojan-activity;sid:84512589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649486)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-03-01/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649486/; classtype:trojan-activity;sid:84512586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649484)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649484/; classtype:trojan-activity;sid:84512584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649483)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000209999/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, 
urlhaus.abuse.ch/url/3649483/; classtype:trojan-activity;sid:84512583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649468)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164122/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649468/; classtype:trojan-activity;sid:84512568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649459)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567165/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649459/; classtype:trojan-activity;sid:84512559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649456)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649456/; classtype:trojan-activity;sid:84512556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649458)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649458/; classtype:trojan-activity;sid:84512558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3649455)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171854/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649455/; classtype:trojan-activity;sid:84512555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649440)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604321/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649440/; classtype:trojan-activity;sid:84512540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-02-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649427/; classtype:trojan-activity;sid:84512527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649424)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160615/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649424/; classtype:trojan-activity;sid:84512524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649420)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/cancelamento/2023-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649420/; classtype:trojan-activity;sid:84512520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649418)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171250/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649418/; classtype:trojan-activity;sid:84512518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649416)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165250/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649416/; classtype:trojan-activity;sid:84512516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649414)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171286/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649414/; classtype:trojan-activity;sid:84512514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169527/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649411/; classtype:trojan-activity;sid:84512511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649406)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171402/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649406/; classtype:trojan-activity;sid:84512506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649402)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-04-02/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649402/; classtype:trojan-activity;sid:84512502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649397)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2021-05-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649397/; classtype:trojan-activity;sid:84512497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649395)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, 
urlhaus.abuse.ch/url/3649395/; classtype:trojan-activity;sid:84512495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649392)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171478/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649392/; classtype:trojan-activity;sid:84512492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649389)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168553/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649389/; classtype:trojan-activity;sid:84512489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171462/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649387/; classtype:trojan-activity;sid:84512487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649385)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-12-12/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649385/; classtype:trojan-activity;sid:84512485; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649382)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649382/; classtype:trojan-activity;sid:84512482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649379)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606635/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649379/; classtype:trojan-activity;sid:84512479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-03-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649380/; classtype:trojan-activity;sid:84512480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649377)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000238203/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649377/; classtype:trojan-activity;sid:84512477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649375)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649375/; classtype:trojan-activity;sid:84512475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649376)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649376/; classtype:trojan-activity;sid:84512476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649372)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171242/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649372/; classtype:trojan-activity;sid:84512472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649370/; classtype:trojan-activity;sid:84512470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649365)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171464/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649365/; classtype:trojan-activity;sid:84512465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-07-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649366/; classtype:trojan-activity;sid:84512466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649363)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649363/; classtype:trojan-activity;sid:84512463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649360)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171332/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649360/; classtype:trojan-activity;sid:84512460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649359)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649359/; 
classtype:trojan-activity;sid:84512459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649357)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166237/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649357/; classtype:trojan-activity;sid:84512457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649354)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165850/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649354/; classtype:trojan-activity;sid:84512454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649355)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-12-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649355/; classtype:trojan-activity;sid:84512455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000213544/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649353/; classtype:trojan-activity;sid:84512453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3649352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649352/; classtype:trojan-activity;sid:84512452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649346)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000265246/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649346/; classtype:trojan-activity;sid:84512446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649338)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649338/; classtype:trojan-activity;sid:84512438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649336)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-06-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649336/; classtype:trojan-activity;sid:84512436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649335)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/td00000000000000587212/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649335/; classtype:trojan-activity;sid:84512435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649332)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172165/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649332/; classtype:trojan-activity;sid:84512432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649329)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165794/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649329/; classtype:trojan-activity;sid:84512429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649326)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000173022/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649326/; classtype:trojan-activity;sid:84512426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649327)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-06/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649327/; classtype:trojan-activity;sid:84512427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649321)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649321/; classtype:trojan-activity;sid:84512421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649323)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000677/2023-11-20/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649323/; classtype:trojan-activity;sid:84512423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649310)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566420/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649310/; classtype:trojan-activity;sid:84512410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649309)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567141/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, 
urlhaus.abuse.ch/url/3649309/; classtype:trojan-activity;sid:84512409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649306)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000215215/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649306/; classtype:trojan-activity;sid:84512406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649305)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649305/; classtype:trojan-activity;sid:84512405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000562903/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649303/; classtype:trojan-activity;sid:84512403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649299)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-01-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649299/; classtype:trojan-activity;sid:84512399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3649295)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567162/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649295/; classtype:trojan-activity;sid:84512395; rev:1;)
# NOTE(review): the rules around this point are exact-URL indicators. Each one
# anchors its URI content with a depth equal to the literal's length followed by
# isdataat:!1,relative, and anchors the Host content the same way. An alert
# therefore needs a client GET whose whole http_uri and http_host buffers equal
# the literals; the same host with another path, or with a query string
# appended, is not covered by these entries.
# NOTE(review): sids 84512390 and 84512386 below match percent-escapes (%20,
# %c3%a7, %c3%a3) through http_uri, and their depth values (62, 49) count the
# escaped form. http_uri inspects the normalized URI; if the sensor decodes
# escapes while normalizing, these literals cannot match. Replay a test request
# against the deployed engine and consider http_raw_uri for them - TODO confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649290/; classtype:trojan-activity;sid:84512390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649286)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-04-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649286/; classtype:trojan-activity;sid:84512386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649285)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-06-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649285/; classtype:trojan-activity;sid:84512385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649284)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/01/cancelamento/2021-04-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649284/; classtype:trojan-activity;sid:84512384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649281/; classtype:trojan-activity;sid:84512381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168063/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649278/; classtype:trojan-activity;sid:84512378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649275)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649275/; classtype:trojan-activity;sid:84512375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; 
content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649270/; classtype:trojan-activity;sid:84512370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649266)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649266/; classtype:trojan-activity;sid:84512366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649256)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649256/; classtype:trojan-activity;sid:84512356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000558592/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649250/; classtype:trojan-activity;sid:84512350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649252)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-06-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, 
urlhaus.abuse.ch/url/3649252/; classtype:trojan-activity;sid:84512352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649243/; classtype:trojan-activity;sid:84512343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171090/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649242/; classtype:trojan-activity;sid:84512342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649231)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-08-17/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649231/; classtype:trojan-activity;sid:84512331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649215)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-27/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649215/; classtype:trojan-activity;sid:84512315; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649213/; classtype:trojan-activity;sid:84512313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649208)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-12-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649208/; classtype:trojan-activity;sid:84512308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649205/; classtype:trojan-activity;sid:84512305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649196/; classtype:trojan-activity;sid:84512296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649193)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/td00000000000000600544/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649193/; classtype:trojan-activity;sid:84512293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649189)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165480/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649189/; classtype:trojan-activity;sid:84512289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649191)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649191/; classtype:trojan-activity;sid:84512291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649186)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649186/; classtype:trojan-activity;sid:84512286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649180)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000564863/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649180/; classtype:trojan-activity;sid:84512280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649179/; classtype:trojan-activity;sid:84512279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162652/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649173/; classtype:trojan-activity;sid:84512273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-10-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649160/; classtype:trojan-activity;sid:84512260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166657/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649158/; 
classtype:trojan-activity;sid:84512258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625429/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649149/; classtype:trojan-activity;sid:84512249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600309/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649145/; classtype:trojan-activity;sid:84512245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000556239/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649143/; classtype:trojan-activity;sid:84512243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649144)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000765367/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649144/; classtype:trojan-activity;sid:84512244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3649142)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625325/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649142/; classtype:trojan-activity;sid:84512242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2021-11-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649137/; classtype:trojan-activity;sid:84512237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/9929/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649135/; classtype:trojan-activity;sid:84512235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-12/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649136/; classtype:trojan-activity;sid:84512236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649130)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/td00000000000000171244/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649130/; classtype:trojan-activity;sid:84512230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649128/; classtype:trojan-activity;sid:84512228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168297/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649124/; classtype:trojan-activity;sid:84512224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-07-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649120/; classtype:trojan-activity;sid:84512220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168387/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; 
content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649118/; classtype:trojan-activity;sid:84512218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606634/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649119/; classtype:trojan-activity;sid:84512219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649110)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000551813/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649110/; classtype:trojan-activity;sid:84512210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-03-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649111/; classtype:trojan-activity;sid:84512211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164394/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649112/; 
classtype:trojan-activity;sid:84512212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166665/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649107/; classtype:trojan-activity;sid:84512207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000224583/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649108/; classtype:trojan-activity;sid:84512208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649097/; classtype:trojan-activity;sid:84512197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170506/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649099/; classtype:trojan-activity;sid:84512199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3649092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649092/; classtype:trojan-activity;sid:84512192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2022-03-09/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649089/; classtype:trojan-activity;sid:84512189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000591279/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649084/; classtype:trojan-activity;sid:84512184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649082/; classtype:trojan-activity;sid:84512182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649080)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/td00000000000000165248/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649080/; classtype:trojan-activity;sid:84512180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000225746/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649078/; classtype:trojan-activity;sid:84512178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649077/; classtype:trojan-activity;sid:84512177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649071/; classtype:trojan-activity;sid:84512171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-10-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; 
content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649068/; classtype:trojan-activity;sid:84512168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166183/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649061/; classtype:trojan-activity;sid:84512161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649062)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-05-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649062/; classtype:trojan-activity;sid:84512162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649058/; classtype:trojan-activity;sid:84512158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000616852/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, 
urlhaus.abuse.ch/url/3649055/; classtype:trojan-activity;sid:84512155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649056/; classtype:trojan-activity;sid:84512156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-27/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649050/; classtype:trojan-activity;sid:84512150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649048/; classtype:trojan-activity;sid:84512148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649043)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649043/; classtype:trojan-activity;sid:84512143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3649044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649044/; classtype:trojan-activity;sid:84512144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649039)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649039/; classtype:trojan-activity;sid:84512139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649033)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170776/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649033/; classtype:trojan-activity;sid:84512133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160612/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649034/; classtype:trojan-activity;sid:84512134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649035)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2020-12-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649035/; classtype:trojan-activity;sid:84512135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649037/; classtype:trojan-activity;sid:84512137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171306/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649027/; classtype:trojan-activity;sid:84512127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160718/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649028/; classtype:trojan-activity;sid:84512128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604673/info.zip"; http_uri; depth:39; 
isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649029/; classtype:trojan-activity;sid:84512129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649020/; classtype:trojan-activity;sid:84512120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164236/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649021/; classtype:trojan-activity;sid:84512121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649016/; classtype:trojan-activity;sid:84512116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171640/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; 
reference:url, urlhaus.abuse.ch/url/3649012/; classtype:trojan-activity;sid:84512112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-01-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649008/; classtype:trojan-activity;sid:84512108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-06-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649005/; classtype:trojan-activity;sid:84512105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000586305/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649003/; classtype:trojan-activity;sid:84512103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2024-08-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648998/; classtype:trojan-activity;sid:84512098; rev:1;) 
# Reviewer notes for the rules on this line (sids 84512094-84512097):
# - Each rule alerts on an outbound HTTP GET ($HOME_NET -> $EXTERNAL_NET) whose URI and
#   Host both equal the listed strings. depth is set to the content length and
#   isdataat:!1,relative requires that no byte follows the match, so the same path with
#   a query string or any other suffix does not alert.
# - NOTE(review): sids 84512094, 84512096 and 84512097 carry percent-escapes (%c3%a7,
#   %c3%a3, %20) inside content matched with http_uri. If the engine percent-decodes the
#   URI before filling that buffer, these literal escapes will not be found and the rule
#   stays silent. Replay a capture of the encoded request to confirm, and consider
#   matching the raw URI buffer instead.
# - These rules inspect cleartext HTTP only. The same download over TLS is not covered
#   here and needs proxy or TLS-inspection telemetry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-05-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648994/; classtype:trojan-activity;sid:84512094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166851/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648995/; classtype:trojan-activity;sid:84512095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-11-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648996/; classtype:trojan-activity;sid:84512096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648997)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791001053/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648997/; classtype:trojan-activity;sid:84512097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3648988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553613/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648988/; classtype:trojan-activity;sid:84512088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648982/; classtype:trojan-activity;sid:84512082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648979)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648979/; classtype:trojan-activity;sid:84512079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172670/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648972/; classtype:trojan-activity;sid:84512072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648973)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/td00000000000000164510/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648973/; classtype:trojan-activity;sid:84512073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648963/; classtype:trojan-activity;sid:84512063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-09-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648964/; classtype:trojan-activity;sid:84512064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167219/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648966/; classtype:trojan-activity;sid:84512066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; 
content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648968/; classtype:trojan-activity;sid:84512068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648960/; classtype:trojan-activity;sid:84512060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171308/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648957/; classtype:trojan-activity;sid:84512057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000556238/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648956/; classtype:trojan-activity;sid:84512056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171858/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648954/; 
classtype:trojan-activity;sid:84512054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-12-21/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648953/; classtype:trojan-activity;sid:84512053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160742/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648952/; classtype:trojan-activity;sid:84512052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648941)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000629918/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648941/; classtype:trojan-activity;sid:84512041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/18296147000306/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648942/; classtype:trojan-activity;sid:84512042; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/es/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648943/; classtype:trojan-activity;sid:84512043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648936)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566149/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648936/; classtype:trojan-activity;sid:84512036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168121/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648933/; classtype:trojan-activity;sid:84512033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165244/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648926/; classtype:trojan-activity;sid:84512026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648927)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-12-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648927/; classtype:trojan-activity;sid:84512027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-02-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648928/; classtype:trojan-activity;sid:84512028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648930/; classtype:trojan-activity;sid:84512030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-03-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648931/; classtype:trojan-activity;sid:84512031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000226538/info.zip"; http_uri; depth:39; 
isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648921/; classtype:trojan-activity;sid:84512021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648914/; classtype:trojan-activity;sid:84512014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000201084/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648912/; classtype:trojan-activity;sid:84512012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648904/; classtype:trojan-activity;sid:84512004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168527/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; 
reference:url, urlhaus.abuse.ch/url/3648900/; classtype:trojan-activity;sid:84512000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648898)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648898/; classtype:trojan-activity;sid:84511998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648893)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-06-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648893/; classtype:trojan-activity;sid:84511993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648891)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167509/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648891/; classtype:trojan-activity;sid:84511991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648889)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171476/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at